Thanks, Jose.

I see no CVE entered by the OP, but maybe I missed something.

A quick look at your list:

> Name    Description
> CVE-2019-9937 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937>
> In SQLite 3.27.2, interleaving reads and writes in a single transaction with
> an fts5 virtual table will lead to a NULL Pointer Dereference in
> fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and
> ext/fts5/fts5_index.c.

Resolved 2019-03-18


> CVE-2019-9936 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936>
> In SQLite 3.27.2, running fts5 prefix queries inside a transaction could
> trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which
> may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

Resolved 2019-03-18


> CVE-2019-5827 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827>
> Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131
> allowed a remote attacker to potentially exploit heap corruption via a crafted
> HTML page.

Resolved 2019-04-13


> CVE-2019-3784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3784>
> Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session
> that can be spoofed. When deployed on cloud foundry with multiple instances
> using the default embedded SQLite database, a remote authenticated malicious
> user can switch sessions to another user with the same session id.

Application error


> CVE-2019-16168 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168>
> In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a
> browser or other application because of missing validation of a sqlite_stat1
> sz field, aka a "severe division by zero in the query planner."

Resolved 2019-08-15


> CVE-2019-10752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10752>
> Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to
> SQL Injection due to sequelize.json() helper function not escaping values
> properly when formatting sub paths for JSON queries for MySQL, MariaDB and
> SQLite.

Application error


> CVE-2018-8740 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740>
> In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE
> TABLE AS statement could cause a NULL pointer dereference, related to build.c
> and prepare.c.

Resolved 2018-03-16


> CVE-2018-7774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7774>
> The vulnerability exists within processing of localize.php in Schneider
> Electric U.motion Builder software versions prior to v1.3.4. The underlying
> SQLite database query is subject to SQL injection on the username input
> parameter.

Application error


-- 
Regards,
Kees Nuyt
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
