Search CVE reports
11 – 20 of 81 results
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious...
1 affected package
node-sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-sqlite3 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 2
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected |
| sqlite3 | — | Fixed | Not affected | Not affected |
Some fixes available 1 of 4
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Fixed | Ignored |
Some fixes available 4 of 5
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Not affected | Fixed | Fixed |
Some fixes available 1 of 2
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Fixed | Not affected |
Some fixes available 5 of 6
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Fixed | Fixed | Fixed |
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
1 affected package
node-sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-sqlite3 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that...
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | Ignored | Ignored | Ignored |
| sqlite3 | — | Ignored | Ignored | Ignored |
Some fixes available 3 of 5
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because...
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Fixed | Fixed |
In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL...
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Not affected | Not affected |