VYPR

SQLite

by SQLite

CVEs (71)

  • CVE-2019-5018 May 10, 2019
    risk 0.00 cvss epss 0.07

    An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to…

  • CVE-2019-9937 Mar 22, 2019
    risk 0.00 cvss epss 0.06

    In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

  • CVE-2019-9936 Mar 22, 2019
    risk 0.00 cvss epss 0.06

    In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

  • CVE-2015-6607 Oct 6, 2015
    risk 0.00 cvss epss 0.02

    SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.

  • CVE-2013-7443 Aug 12, 2015
    risk 0.00 cvss epss 0.03

    Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.

  • CVE-2015-3717 Jul 3, 2015
    risk 0.00 cvss epss 0.04

    Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2015-3416 Apr 24, 2015
    risk 0.00 cvss epss 0.06

    The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or…

  • CVE-2015-3415 Apr 24, 2015
    risk 0.00 cvss epss 0.05

    The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as…

  • CVE-2015-3414 Apr 24, 2015
    risk 0.00 cvss epss 0.05

    SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…

  • CVE-2008-6589 Apr 3, 2009
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

  • CVE-2007-1888 Apr 6, 2007
    risk 0.00 cvss epss 0.03

    Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a…