Search CVE reports
31 – 40 of 74 results
CVE-2019-19924
Medium prioritySome fixes available 1 of 2
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-19923
Medium prioritySome fixes available 2 of 3
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Fixed | Not affected |
CVE-2019-19926
Medium prioritySome fixes available 4 of 5
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | Not affected | Fixed | Fixed |
CVE-2019-19880
Medium prioritySome fixes available 1 of 2
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-13753
Medium prioritySome fixes available 18 of 30
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13752
Medium prioritySome fixes available 18 of 30
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13751
Medium prioritySome fixes available 18 of 30
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13750
Medium prioritySome fixes available 18 of 30
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13734
Medium prioritySome fixes available 18 of 30
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-19646
Medium prioritypragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | — | — | Not affected | Not affected |
sqlite3 | — | — | — | Not affected | Not affected |