CVE-2019-19645
- EPSS 0.57%
- Veröffentlicht 09.12.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:35:07
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2019-19317
- EPSS 4.28%
- Veröffentlicht 05.12.2019 14:15:09
- Zuletzt bearbeitet 21.11.2024 04:34:33
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2019-19242
- EPSS 2.54%
- Veröffentlicht 27.11.2019 17:15:14
- Zuletzt bearbeitet 21.11.2024 04:34:23
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
CVE-2019-19244
- EPSS 3.33%
- Veröffentlicht 25.11.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:34:24
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2019-16168
- EPSS 4.25%
- Veröffentlicht 09.09.2019 17:15:13
- Zuletzt bearbeitet 28.05.2026 19:16:30
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2019-8457
- EPSS 45.43%
- Veröffentlicht 30.05.2019 16:29:01
- Zuletzt bearbeitet 21.11.2024 04:49:56
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVE-2019-5018
- EPSS 6.68%
- Veröffentlicht 10.05.2019 19:29:07
- Zuletzt bearbeitet 21.11.2024 04:44:11
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send ...
CVE-2018-20506
- EPSS 7.53%
- Veröffentlicht 03.04.2019 18:29:01
- Zuletzt bearbeitet 21.11.2024 04:01:37
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to exe...
CVE-2018-20505
- EPSS 6.77%
- Veröffentlicht 03.04.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:37
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
CVE-2019-9936
- EPSS 5.67%
- Veröffentlicht 22.03.2019 08:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:37
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.