SQLite

All CVEs

72 total · sorted by risk
  • CVE-2020-11656 · Apr 9, 2020
    risk 0.00 · cvss · epss 0.07

    In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

  • CVE-2020-9327 · Feb 21, 2020
    risk 0.00 · cvss · epss 0.04

    In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

  • CVE-2019-19959 · Jan 3, 2020
    risk 0.00 · cvss · epss 0.03

    ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

  • CVE-2019-20218 · Jan 2, 2020
    risk 0.00 · cvss · epss 0.04

    selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

  • CVE-2019-13752 · Dec 10, 2019
    risk 0.00 · cvss · epss 0.02

    Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2019-19646 · Dec 9, 2019
    risk 0.00 · cvss · epss 0.05

    pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

  • CVE-2019-19645 · Dec 9, 2019
    risk 0.00 · cvss · epss 0.01

    alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

  • CVE-2019-19317 · Dec 5, 2019
    risk 0.00 · cvss · epss 0.04

    lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2019-19244 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.03

    sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

  • CVE-2019-19242 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.03

    SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

  • CVE-2019-5827 · Jun 27, 2019
    risk 0.00 · cvss · epss 0.02

    Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5018 · May 10, 2019
    risk 0.00 · cvss · epss 0.07

    An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to…

  • CVE-2019-9937 · Mar 22, 2019
    risk 0.00 · cvss · epss 0.06

    In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

  • CVE-2019-9936 · Mar 22, 2019
    risk 0.00 · cvss · epss 0.06

    In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

  • CVE-2015-6607 · Oct 6, 2015
    risk 0.00 · cvss · epss 0.02

    SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.

  • CVE-2013-7443 · Aug 12, 2015
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.

  • CVE-2015-3717 · Jul 3, 2015
    risk 0.00 · cvss · epss 0.04

    Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2015-3416 · Apr 24, 2015
    risk 0.00 · cvss · epss 0.06

    The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or…

  • CVE-2015-3415 · Apr 24, 2015
    risk 0.00 · cvss · epss 0.05

    The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as…

  • CVE-2015-3414 · Apr 24, 2015
    risk 0.00 · cvss · epss 0.05

    SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…

  • CVE-2008-6589 · Apr 3, 2009
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

  • CVE-2007-1888 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a…

Page 2 of 2