Search CVE reports



41 – 50 of 74 results


CVE-2019-19603

Low priority

Some fixes available 1 of 5

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite Not affected Not affected
sqlite3 Not affected Ignored

CVE-2019-19645

Low priority

Some fixes available 1 of 5

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite Not affected Not affected
sqlite3 Not affected Ignored

CVE-2019-19317

Medium priority
Not affected

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected

CVE-2019-19242

Low priority
Fixed

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected

CVE-2019-19244

Medium priority
Fixed

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite Not affected
sqlite3 Not affected

CVE-2019-16168

Low priority
Fixed

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a “severe division by zero in the query planner.”

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Fixed

CVE-2019-5827

Low priority

Some fixes available 6 of 20

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

3 affected packages

chromium-browser, sqlite, sqlite3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| chromium-browser | Not affected | Not affected | Not affected | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |

CVE-2019-8457

Medium priority

Some fixes available 32 of 61

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

5 affected packages

chromium, db5.3, qtwebengine-opensource-src, sqlcipher, sqlite3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| chromium | Not in release | Not in release | Not in release | Not in release |
| db5.3 | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlcipher | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| sqlite3 | Fixed | Fixed | Fixed | Fixed |

CVE-2019-5018

Low priority
Fixed

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution....

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected

CVE-2018-20506

Medium priority
Fixed

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a “merge” operation that occurs after crafted changes to FTS3 shadow tables, allowing...

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Fixed