This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sqlite First view 2009-04-03
Product Sqlite Last view 2020-06-27
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:sqlite:sqlite:1.2.2:*:*:*:*:*:*:* 27
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* 24
cpe:2.3:a:sqlite:sqlite:3.8.2:*:*:*:*:*:*:* 24
cpe:2.3:a:sqlite:sqlite:3.8.8.3:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.1:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.3:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.4:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.5:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.8:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.9:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.10:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.12:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.13:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.14:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.15:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.16:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.17:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.18:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.19:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.20:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.21:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.22:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.23:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.24:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.25:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.26:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.27:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.28:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.29:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.30:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.31:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:1.0.32:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.0:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.1:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.2:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.3:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.4:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.5:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.6:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.7:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.0.8:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.0:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.1:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.2:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.3:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.4:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.5:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.6:*:*:*:*:*:*:* 23
cpe:2.3:a:sqlite:sqlite:2.1.7:*:*:*:*:*:*:* 23

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2020-06-27 CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

7.5 2020-06-06 CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

5.5 2020-05-27 CVE-2020-13632

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

5.5 2020-05-27 CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

7 2020-05-27 CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

5.5 2020-05-24 CVE-2020-13435

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

5.5 2020-05-24 CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

9.8 2020-04-09 CVE-2020-11656

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

7.5 2020-04-09 CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

7.5 2020-02-21 CVE-2020-9327

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

7.5 2020-01-03 CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

7.5 2020-01-02 CVE-2019-20218

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

7.5 2019-12-24 CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

5.3 2019-12-24 CVE-2019-19924

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

7.5 2019-12-24 CVE-2019-19923

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

7.5 2019-12-23 CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

7.5 2019-12-18 CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

9.8 2019-12-09 CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

5.5 2019-12-09 CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

7.5 2019-12-09 CVE-2019-19603

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

9.8 2019-12-05 CVE-2019-19317

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

5.9 2019-11-27 CVE-2019-19242

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

7.5 2019-11-25 CVE-2019-19244

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

6.5 2019-09-09 CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

9.8 2019-05-30 CVE-2019-8457

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

CWE : Common Weakness Enumeration

%idName
23% (10) CWE-476 NULL Pointer Dereference
16% (7) CWE-20 Improper Input Validation
9% (4) CWE-416 Use After Free
6% (3) CWE-190 Integer Overflow or Wraparound
6% (3) CWE-125 Out-of-bounds Read
6% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (2) CWE-755 Improper Handling of Exceptional Conditions
4% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
4% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (1) CWE-787 Out-of-bounds Write
2% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
2% (1) CWE-674 Uncontrolled Recursion
2% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
2% (1) CWE-369 Divide By Zero
2% (1) CWE-264 Permissions, Privileges, and Access Controls
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
44677 LightNEasy LightNEasy.php page Parameter XSS
44676 LightNEasy index.php page Parameter XSS
44675 LightNEasy index.php dlid Parameter SQL Injection
44674 LightNEasy LightNEasy/thumbsup.php Multiple Variable Arbitrary File Manipulation
44673 LightNEasy LightNEasy.php page Parameter Traversal Local File Inclusion / Dis...
44672 LightNEasy index.php page Parameter Traversal Local File Inclusion / Disclosure

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471

Snort® IPS/IDS

Date Description
2019-02-05 SQLite FTS integer overflow attempt
RuleID : 48786 - Type : SERVER-OTHER - Revision : 2
2019-02-05 SQLite FTS integer overflow attempt
RuleID : 48785 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bb66329dee.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1613.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1341.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0025.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_c1630aa3797011e88634dcfe074bd614.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1180.nasl - Type: ACT_GATHER_INFO
2018-06-08 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8d8f0e1643.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1138.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1137.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1136.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-07e15ad5a5.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aace372c3f.nasl - Type: ACT_GATHER_INFO
2018-03-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6d52bda12e5411e8a68f485b3931c969.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9245681c7c3c11e7b5afa4badb2f4699.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2017-9b752904ed.nasl - Type: ACT_GATHER_INFO
2017-07-18 Name: The remote Fedora host is missing a security update.
File: fedora_2017-447e926933.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-357f9df699.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Debian host is missing a security update.
File: debian_DLA-1018.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote host contains an application that is affected by multiple vulnerab...
File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application running on the remote host is affected by multiple vulnerabili...
File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_6.nasl - Type: ACT_GATHER_INFO