Filtered by vendor Sqlite
Subscriptions
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6590 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2008-6593 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2025-04-09 | N/A |
| SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. | ||||
| CVE-2008-6589 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2023-7104 | 3 Fedoraproject, Redhat, Sqlite | 6 Fedora, Enterprise Linux, Openshift and 3 more | 2025-02-13 | 5.5 Medium |
| A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | ||||
| CVE-2024-0232 | 3 Fedoraproject, Redhat, Sqlite | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-02-11 | 4.7 Medium |
| A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. | ||||
| CVE-2022-35737 | 4 Netapp, Redhat, Splunk and 1 more | 5 Ontap Select Deploy Administration Utility, Enterprise Linux, Rhel Eus and 2 more | 2024-11-21 | 7.5 High |
| SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | ||||
| CVE-2021-45346 | 2 Netapp, Sqlite | 2 Ontap Select Deploy Administration Utility, Sqlite | 2024-11-21 | 4.3 Medium |
| A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. | ||||
| CVE-2021-36690 | 3 Apple, Oracle, Sqlite | 6 Iphone Os, Macos, Tvos and 3 more | 2024-11-21 | 7.5 High |
| A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. | ||||
| CVE-2021-20227 | 2 Oracle, Sqlite | 7 Communications Network Charging And Control, Enterprise Manager For Oracle Database, Jd Edwards Enterpriseone Tools and 4 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-9327 | 6 Canonical, Netapp, Oracle and 3 more | 12 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 9 more | 2024-11-21 | 7.5 High |
| In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | ||||
| CVE-2020-35527 | 3 Netapp, Redhat, Sqlite | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Sqlite | 2024-11-21 | 9.8 Critical |
| In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. | ||||
| CVE-2020-35525 | 2 Redhat, Sqlite | 2 Enterprise Linux, Sqlite | 2024-11-21 | 7.5 High |
| In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. | ||||
| CVE-2020-15358 | 6 Apple, Canonical, Oracle and 3 more | 17 Icloud, Ipados, Iphone Os and 14 more | 2024-11-21 | 5.5 Medium |
| In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | ||||
| CVE-2020-13871 | 6 Debian, Fedoraproject, Netapp and 3 more | 12 Debian Linux, Fedora, Cloud Backup and 9 more | 2024-11-21 | 7.5 High |
| SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | ||||
| CVE-2020-13632 | 9 Brocade, Canonical, Debian and 6 more | 14 Fabric Operating System, Ubuntu Linux, Debian Linux and 11 more | 2024-11-21 | 5.5 Medium |
| ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | ||||
| CVE-2020-13631 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-11-21 | 5.5 Medium |
| SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | ||||
| CVE-2020-13630 | 10 Apple, Brocade, Canonical and 7 more | 21 Icloud, Ipados, Iphone Os and 18 more | 2024-11-21 | 7.0 High |
| ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | ||||
| CVE-2020-13435 | 3 Fedoraproject, Redhat, Sqlite | 3 Fedora, Enterprise Linux, Sqlite | 2024-11-21 | 5.5 Medium |
| SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | ||||
| CVE-2020-13434 | 8 Apple, Canonical, Debian and 5 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2024-11-21 | 5.5 Medium |
| SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||||
| CVE-2020-11656 | 5 Netapp, Oracle, Siemens and 2 more | 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more | 2024-11-21 | 9.8 Critical |
| In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | ||||