Search CVE reports
31 – 40 of 77 results
CVE-2019-19959
Medium prioritySome fixes available 2 of 3
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |
CVE-2019-20218
Low prioritySome fixes available 3 of 4
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-19925
Medium prioritySome fixes available 2 of 3
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |
CVE-2019-19924
Medium prioritySome fixes available 1 of 2
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-19923
Medium prioritySome fixes available 2 of 3
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |
CVE-2019-19926
Medium prioritySome fixes available 4 of 5
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | Not affected | Fixed | Fixed |
CVE-2019-19880
Medium prioritySome fixes available 1 of 2
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-13753
Medium prioritySome fixes available 18 of 30
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13752
Medium prioritySome fixes available 18 of 30
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13751
Medium prioritySome fixes available 18 of 30
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |