Vendor CVEs
SQLite
All CVEs
72 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11656 | 0.00 | — | 0.07 | Apr 9, 2020 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | |||
| CVE-2020-9327 | 0.00 | — | 0.04 | Feb 21, 2020 | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | |||
| CVE-2019-19959 | 0.00 | — | 0.03 | Jan 3, 2020 | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | |||
| CVE-2019-20218 | 0.00 | — | 0.04 | Jan 2, 2020 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | |||
| CVE-2019-13752 | 0.00 | — | 0.02 | Dec 10, 2019 | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-19646 | 0.00 | — | 0.05 | Dec 9, 2019 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | |||
| CVE-2019-19645 | 0.00 | — | 0.01 | Dec 9, 2019 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | |||
| CVE-2019-19317 | 0.00 | — | 0.04 | Dec 5, 2019 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||
| CVE-2019-19244 | 0.00 | — | 0.03 | Nov 25, 2019 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | |||
| CVE-2019-19242 | 0.00 | — | 0.03 | Nov 25, 2019 | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | |||
| CVE-2019-5827 | 0.00 | — | 0.02 | Jun 27, 2019 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5018 | 0.00 | — | 0.07 | May 10, 2019 | An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to… | |||
| CVE-2019-9937 | 0.00 | — | 0.06 | Mar 22, 2019 | In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. | |||
| CVE-2019-9936 | 0.00 | — | 0.06 | Mar 22, 2019 | In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. | |||
| CVE-2015-6607 | 0.00 | — | 0.02 | Oct 6, 2015 | SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | |||
| CVE-2013-7443 | 0.00 | — | 0.03 | Aug 12, 2015 | Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. | |||
| CVE-2015-3717 | 0.00 | — | 0.04 | Jul 3, 2015 | Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2015-3416 | 0.00 | — | 0.06 | Apr 24, 2015 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or… | |||
| CVE-2015-3415 | 0.00 | — | 0.05 | Apr 24, 2015 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as… | |||
| CVE-2015-3414 | 0.00 | — | 0.05 | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE… | |||
| CVE-2008-6589 | 0.00 | — | 0.01 | Apr 3, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | |||
| CVE-2007-1888 | 0.00 | — | 0.03 | Apr 6, 2007 | Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a… |
- CVE-2020-11656Apr 9, 2020risk 0.00cvss —epss 0.07
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
- CVE-2020-9327Feb 21, 2020risk 0.00cvss —epss 0.04
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
- CVE-2019-19959Jan 3, 2020risk 0.00cvss —epss 0.03
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
- CVE-2019-20218Jan 2, 2020risk 0.00cvss —epss 0.04
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
- CVE-2019-13752Dec 10, 2019risk 0.00cvss —epss 0.02
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- CVE-2019-19646Dec 9, 2019risk 0.00cvss —epss 0.05
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
- CVE-2019-19645Dec 9, 2019risk 0.00cvss —epss 0.01
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
- CVE-2019-19317Dec 5, 2019risk 0.00cvss —epss 0.04
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- CVE-2019-19244Nov 25, 2019risk 0.00cvss —epss 0.03
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
- CVE-2019-19242Nov 25, 2019risk 0.00cvss —epss 0.03
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
- CVE-2019-5827Jun 27, 2019risk 0.00cvss —epss 0.02
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5018May 10, 2019risk 0.00cvss —epss 0.07
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to…
- CVE-2019-9937Mar 22, 2019risk 0.00cvss —epss 0.06
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
- CVE-2019-9936Mar 22, 2019risk 0.00cvss —epss 0.06
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
- CVE-2015-6607Oct 6, 2015risk 0.00cvss —epss 0.02
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
- CVE-2013-7443Aug 12, 2015risk 0.00cvss —epss 0.03
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.
- CVE-2015-3717Jul 3, 2015risk 0.00cvss —epss 0.04
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2015-3416Apr 24, 2015risk 0.00cvss —epss 0.06
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or…
- CVE-2015-3415Apr 24, 2015risk 0.00cvss —epss 0.05
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as…
- CVE-2015-3414Apr 24, 2015risk 0.00cvss —epss 0.05
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…
- CVE-2008-6589Apr 3, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
- CVE-2007-1888Apr 6, 2007risk 0.00cvss —epss 0.03
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a…
Page 2 of 2