CVE-2020-9327
- EPSS 3.68%
- Veröffentlicht 21.02.2020 22:15:10
- Zuletzt bearbeitet 21.11.2024 05:40:25
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2019-19959
- EPSS 3.24%
- Veröffentlicht 03.01.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:44
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVE-2019-20218
- EPSS 3.62%
- Veröffentlicht 02.01.2020 14:16:36
- Zuletzt bearbeitet 21.11.2024 04:38:13
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVE-2019-19925
- EPSS 6.81%
- Veröffentlicht 24.12.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:35:40
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19924
- EPSS 7.86%
- Veröffentlicht 24.12.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:40
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVE-2019-19923
- EPSS 6.81%
- Veröffentlicht 24.12.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:40
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
CVE-2019-19926
- EPSS 7%
- Veröffentlicht 23.12.2019 01:15:13
- Zuletzt bearbeitet 21.11.2024 04:35:41
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
CVE-2019-19880
- EPSS 6.94%
- Veröffentlicht 18.12.2019 06:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:34
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2019-19646
- EPSS 5.23%
- Veröffentlicht 09.12.2019 19:15:14
- Zuletzt bearbeitet 21.11.2024 04:35:07
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-19603
- EPSS 8.25%
- Veröffentlicht 09.12.2019 19:15:14
- Zuletzt bearbeitet 21.11.2024 04:35:01
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.