Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-645
Vulnerability from certfr_avis - Published: 2020-10-15 - Updated: 2020-10-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS NFX Series versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.4.0 | ||
| Juniper Networks | N/A | Juniper Networks Junos Space et Junos Space Security Director versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS MX series et EX9200 Series versions antérieures à 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions antérieures à 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3 | ||
| Juniper Networks | Junos OS | Junos OS SRX Series versions antérieures à 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2 | ||
| Juniper Networks | Junos OS | Junos OS MX Series versions antérieures à 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS NFX Series versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX series et EX9200 Series versions ant\u00e9rieures \u00e0 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions ant\u00e9rieures \u00e0 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS SRX Series versions ant\u00e9rieures \u00e0 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX Series versions ant\u00e9rieures \u00e0 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1661"
},
{
"name": "CVE-2020-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7450"
},
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2019-15875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15875"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2008-6592",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6592"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2020-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1657"
},
{
"name": "CVE-2020-1682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1682"
},
{
"name": "CVE-2019-5599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5599"
},
{
"name": "CVE-2013-7443",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7443"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2015-6607",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6607"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2015-5895",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5895"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2020-10188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10188"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2017-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13685"
},
{
"name": "CVE-2019-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
},
{
"name": "CVE-2008-6589",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6589"
},
{
"name": "CVE-2020-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1656"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1665",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1665"
},
{
"name": "CVE-2016-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6153"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2017-15286",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15286"
},
{
"name": "CVE-2020-1660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1660"
},
{
"name": "CVE-2019-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6593"
},
{
"name": "CVE-2008-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6593"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2008-6590",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6590"
},
{
"name": "CVE-2019-5610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5610"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2020-1662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1662"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
}
],
"initial_release_date": "2020-10-15T00:00:00",
"last_revision_date": "2020-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-645",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11055 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11055\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11050 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11050\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11079 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11079\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11053 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11053\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11059 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11059\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11049 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11049\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11046 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11046\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11048 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11048\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11057 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11057\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11054 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11054\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11062 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11062\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11056 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11056\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11045 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11045\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11058 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11058\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11047 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11047\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2015-6607 (GCVE-0-2015-6607)
Vulnerability from cvelistv5 – Published: 2015-10-06 17:00 – Updated: 2024-08-06 07:29
VLAI
EPSS
Summary
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://groups.google.com/forum/message/raw?msg=a… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/76970 | vdb-entryx_refsource_BID |
| https://android-review.googlesource.com/#/c/145961/ | x_refsource_CONFIRM |
Date Public
2015-10-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:22.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-24T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76970"
},
{
"name": "https://android-review.googlesource.com/#/c/145961/",
"refsource": "CONFIRM",
"url": "https://android-review.googlesource.com/#/c/145961/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2015-6607",
"datePublished": "2015-10-06T17:00:00.000Z",
"dateReserved": "2015-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:29:22.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6153 (GCVE-0-2016-6153)
Vulnerability from cvelistv5 – Published: 2016-09-26 00:00 – Updated: 2024-08-06 01:22
VLAI
EPSS
Summary
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/tns-2016-20 | |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisory |
| https://www.sqlite.org/releaselog/3_13_0.html | |
| http://www.openwall.com/lists/oss-security/2016/07/01/2 | mailing-list |
| http://www.securityfocus.com/bid/91546 | vdb-entry |
| http://www.sqlite.org/cgi/src/info/67985761aa93fb61 | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.korelogic.com/Resources/Advisories/KL… | |
| http://www.openwall.com/lists/oss-security/2016/07/01/1 | mailing-list |
| https://usn.ubuntu.com/4019-1/ | vendor-advisory |
| https://usn.ubuntu.com/4019-2/ | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
Date Public
2016-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "openSUSE-SU-2016:2041",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sqlite.org/releaselog/3_13_0.html"
},
{
"name": "[oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/01/2"
},
{
"name": "91546",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91546"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.sqlite.org/cgi/src/info/67985761aa93fb61"
},
{
"name": "FEDORA-2016-0138339b54",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt"
},
{
"name": "[oss-security] 20160701 SQLite Tempdir Selection Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/01/1"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "openSUSE-SU-2016:2041",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html"
},
{
"url": "https://www.sqlite.org/releaselog/3_13_0.html"
},
{
"name": "[oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/01/2"
},
{
"name": "91546",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91546"
},
{
"url": "http://www.sqlite.org/cgi/src/info/67985761aa93fb61"
},
{
"name": "FEDORA-2016-0138339b54",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/"
},
{
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt"
},
{
"name": "[oss-security] 20160701 SQLite Tempdir Selection Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/01/1"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6153",
"datePublished": "2016-09-26T00:00:00.000Z",
"dateReserved": "2016-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10989 (GCVE-0-2017-10989)
Vulnerability from cvelistv5 – Published: 2017-07-07 12:00 – Updated: 2024-08-05 17:57
VLAI
EPSS
Summary
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| https://support.apple.com/HT208144 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://sqlite.org/src/vpatch?from=0db20efe201736… | x_refsource_MISC |
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | x_refsource_MISC |
| https://sqlite.org/src/info/66de6f4a | x_refsource_MISC |
| http://www.securitytracker.com/id/1039427 | vdb-entryx_refsource_SECTRACK |
| https://bugs.launchpad.net/ubuntu/+source/sqlite3… | x_refsource_MISC |
| https://support.apple.com/HT208113 | x_refsource_CONFIRM |
| https://support.apple.com/HT208112 | x_refsource_CONFIRM |
| http://marc.info/?l=sqlite-users&m=149933696214713&w=2 | x_refsource_MISC |
| https://support.apple.com/HT208115 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99502 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://usn.ubuntu.com/4019-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4019-2/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2017-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/66de6f4a"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
},
{
"name": "99502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99502"
},
{
"name": "openSUSE-SU-2019:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T19:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/66de6f4a"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
},
{
"name": "99502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99502"
},
{
"name": "openSUSE-SU-2019:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"
},
{
"name": "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26",
"refsource": "MISC",
"url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405"
},
{
"name": "https://sqlite.org/src/info/66de6f4a",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/66de6f4a"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "99502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99502"
},
{
"name": "openSUSE-SU-2019:1426",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10989",
"datePublished": "2017-07-07T12:00:00.000Z",
"dateReserved": "2017-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:57:56.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13685 (GCVE-0-2017-13685)
Vulnerability from cvelistv5 – Published: 2017-08-29 06:00 – Updated: 2024-08-05 19:05
VLAI
EPSS
Summary
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.mail-archive.com/sqlite-users%40mailin… | x_refsource_MISC |
| http://www.securityfocus.com/bid/100521 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/4019-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4019-2/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2017-08-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html"
},
{
"name": "100521",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100521"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T19:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html"
},
{
"name": "100521",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100521"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html",
"refsource": "MISC",
"url": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html"
},
{
"name": "100521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100521"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13685",
"datePublished": "2017-08-29T06:00:00.000Z",
"dateReserved": "2017-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:19.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15286 (GCVE-0-2017-15286)
Vulnerability from cvelistv5 – Published: 2017-10-12 08:00 – Updated: 2024-08-05 19:50
VLAI
EPSS
Summary
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101285 | vdb-entryx_refsource_BID |
| https://github.com/Ha0Team/crash-of-sqlite3/blob/… | x_refsource_MISC |
Date Public
2017-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-17T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101285"
},
{
"name": "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md",
"refsource": "MISC",
"url": "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15286",
"datePublished": "2017-10-12T08:00:00.000Z",
"dateReserved": "2017-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:16.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20346 (GCVE-0-2018-20346)
Vulnerability from cvelistv5 – Published: 2018-12-21 21:00 – Updated: 2024-08-05 11:58
VLAI
EPSS
Summary
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
| URL | Tags |
|---|---|
| https://worthdoingbadly.com/sqlitebug/ | x_refsource_MISC |
| https://support.apple.com/HT209446 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1659379 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1659677 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
| https://access.redhat.com/articles/3758321 | x_refsource_MISC |
| https://support.apple.com/HT209443 | x_refsource_CONFIRM |
| https://blade.tencent.com/magellan/index_en.html | x_refsource_MISC |
| https://support.apple.com/HT209451 | x_refsource_CONFIRM |
| https://github.com/zhuowei/worthdoingbadly.com/bl… | x_refsource_MISC |
| https://news.ycombinator.com/item?id=18685296 | x_refsource_MISC |
| https://support.apple.com/HT209450 | x_refsource_CONFIRM |
| https://sqlite.org/src/info/940f2adc8541a838 | x_refsource_MISC |
| https://support.apple.com/HT209448 | x_refsource_CONFIRM |
| https://chromium.googlesource.com/chromium/src/+/… | x_refsource_MISC |
| https://www.mail-archive.com/sqlite-users%40maili… | x_refsource_MISC |
| http://www.securityfocus.com/bid/106323 | vdb-entryx_refsource_BID |
| https://crbug.com/900910 | x_refsource_MISC |
| https://sqlite.org/src/info/d44318f59044162e | x_refsource_MISC |
| https://www.freebsd.org/security/advisories/FreeB… | vendor-advisoryx_refsource_FREEBSD |
| https://chromereleases.googleblog.com/2018/12/sta… | x_refsource_MISC |
| https://www.sqlite.org/releaselog/3_25_3.html | x_refsource_MISC |
| https://support.apple.com/HT209447 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201904-21 | vendor-advisoryx_refsource_GENTOO |
| https://usn.ubuntu.com/4019-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4019-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Date Public
2018-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/articles/3758321"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html"
},
{
"name": "106323",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/900910"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209447"
},
{
"name": "openSUSE-SU-2019:1159",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "GLSA-201904-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-21"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/articles/3758321"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html"
},
{
"name": "106323",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/900910"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209447"
},
{
"name": "openSUSE-SU-2019:1159",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "GLSA-201904-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-21"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://worthdoingbadly.com/sqlitebug/",
"refsource": "MISC",
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"name": "https://support.apple.com/HT209446",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209446"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_61",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
},
{
"name": "https://access.redhat.com/articles/3758321",
"refsource": "MISC",
"url": "https://access.redhat.com/articles/3758321"
},
{
"name": "https://support.apple.com/HT209443",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209443"
},
{
"name": "https://blade.tencent.com/magellan/index_en.html",
"refsource": "MISC",
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"name": "https://support.apple.com/HT209451",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209451"
},
{
"name": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html",
"refsource": "MISC",
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"name": "https://news.ycombinator.com/item?id=18685296",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"name": "https://support.apple.com/HT209450",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209450"
},
{
"name": "https://sqlite.org/src/info/940f2adc8541a838",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"name": "https://support.apple.com/HT209448",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209448"
},
{
"name": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html"
},
{
"name": "106323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106323"
},
{
"name": "https://crbug.com/900910",
"refsource": "MISC",
"url": "https://crbug.com/900910"
},
{
"name": "https://sqlite.org/src/info/d44318f59044162e",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "https://www.sqlite.org/releaselog/3_25_3.html",
"refsource": "MISC",
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"name": "https://support.apple.com/HT209447",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209447"
},
{
"name": "openSUSE-SU-2019:1159",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "GLSA-201904-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-21"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20346",
"datePublished": "2018-12-21T21:00:00.000Z",
"dateReserved": "2018-12-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:19.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20505 (GCVE-0-2018-20505)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:51 – Updated: 2024-08-05 12:05
VLAI
EPSS
Summary
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Jan/62 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/64 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/66 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/67 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/68 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/69 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106698 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/28 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/29 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/31 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/32 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/33 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/39 | x_refsource_MISC |
| https://support.apple.com/kb/HT209443 | x_refsource_MISC |
| https://support.apple.com/kb/HT209446 | x_refsource_MISC |
| https://support.apple.com/kb/HT209447 | x_refsource_MISC |
| https://support.apple.com/kb/HT209448 | x_refsource_MISC |
| https://support.apple.com/kb/HT209450 | x_refsource_MISC |
| https://support.apple.com/kb/HT209451 | x_refsource_MISC |
| https://sqlite.org/src/info/1a84668dcfdebaf12415d | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019050… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4019-1/ | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T18:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/64",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/66",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/67",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/68",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/69",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"name": "http://www.securityfocus.com/bid/106698",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106698"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/28",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/29",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/31",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/32",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/33",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/39",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"name": "https://support.apple.com/kb/HT209443",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209443"
},
{
"name": "https://support.apple.com/kb/HT209446",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209446"
},
{
"name": "https://support.apple.com/kb/HT209447",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209447"
},
{
"name": "https://support.apple.com/kb/HT209448",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209448"
},
{
"name": "https://support.apple.com/kb/HT209450",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209450"
},
{
"name": "https://support.apple.com/kb/HT209451",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "https://sqlite.org/src/info/1a84668dcfdebaf12415d",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20505",
"datePublished": "2019-04-03T17:51:41.000Z",
"dateReserved": "2018-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:05:17.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20506 (GCVE-0-2018-20506)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:50 – Updated: 2024-08-05 12:05
VLAI
EPSS
Summary
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
| URL | Tags |
|---|---|
| https://sqlite.org/src/info/940f2adc8541a838 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/62 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/64 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/66 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/67 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/68 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jan/69 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106698 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/28 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/29 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/31 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/32 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/33 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jan/39 | x_refsource_MISC |
| https://support.apple.com/kb/HT209443 | x_refsource_MISC |
| https://support.apple.com/kb/HT209446 | x_refsource_MISC |
| https://support.apple.com/kb/HT209447 | x_refsource_MISC |
| https://support.apple.com/kb/HT209448 | x_refsource_MISC |
| https://support.apple.com/kb/HT209450 | x_refsource_MISC |
| https://support.apple.com/kb/HT209451 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.netapp.com/advisory/ntap-2019050… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4019-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4019-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sqlite.org/src/info/940f2adc8541a838",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/64",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/66",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/67",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/68",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/69",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"name": "http://www.securityfocus.com/bid/106698",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106698"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/28",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/29",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/31",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/32",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/33",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/39",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"name": "https://support.apple.com/kb/HT209443",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209443"
},
{
"name": "https://support.apple.com/kb/HT209446",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209446"
},
{
"name": "https://support.apple.com/kb/HT209447",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209447"
},
{
"name": "https://support.apple.com/kb/HT209448",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209448"
},
{
"name": "https://support.apple.com/kb/HT209450",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209450"
},
{
"name": "https://support.apple.com/kb/HT209451",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "openSUSE-SU-2019:1222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20506",
"datePublished": "2019-04-03T17:50:54.000Z",
"dateReserved": "2018-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:05:17.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8740 (GCVE-0-2018-8740)
Vulnerability from cvelistv5 – Published: 2018-03-17 00:00 – Updated: 2024-08-05 07:02
VLAI
EPSS
Summary
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2019… | mailing-list |
| https://bugs.launchpad.net/ubuntu/+source/sqlite3… | |
| http://www.securityfocus.com/bid/103466 | vdb-entry |
| https://www.sqlite.org/cgi/src/vdiff?from=1774f1c… | |
| https://www.sqlite.org/cgi/src/timeline?r=corrupt… | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://usn.ubuntu.com/4205-1/ | vendor-advisory |
| https://usn.ubuntu.com/4394-1/ | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-list |
| https://lists.apache.org/thread.html/rf4c02775860… | mailing-list |
| https://lists.apache.org/thread.html/r58af02e294b… | mailing-list |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
Date Public
2018-03-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349"
},
{
"name": "103466",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103466"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964"
},
{
"name": "openSUSE-SU-2019:1426",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"name": "USN-4205-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4205-1/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349"
},
{
"name": "103466",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/103466"
},
{
"url": "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b"
},
{
"url": "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964"
},
{
"name": "openSUSE-SU-2019:1426",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"name": "USN-4205-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4205-1/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8740",
"datePublished": "2018-03-17T00:00:00.000Z",
"dateReserved": "2018-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:02:26.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11135 (GCVE-0-2019-11135)
Vulnerability from cvelistv5 – Published: 2019-11-14 18:19 – Updated: 2026-05-28 18:21
VLAI
EPSS
Summary
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information Disclosure
- CWE-noinfo Not enough information
Assigner
References
30 references
| URL | Tags |
|---|---|
| https://seclists.org/bugtraq/2019/Nov/26 | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://access.redhat.com/errata/RHSA-2019:3936 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4186-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2019/12/10/3 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2019/12/10/4 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2019/12/11/1 | mailing-listx_refsource_MLIST |
| https://seclists.org/bugtraq/2019/Dec/28 | mailing-listx_refsource_BUGTRAQ |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2020:0026 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0028 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2020/dsa-4602 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2020/Jan/21 | mailing-listx_refsource_BUGTRAQ |
| https://access.redhat.com/errata/RHSA-2020:0204 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0279 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0366 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0555 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0666 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0730 | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/202003-56 | vendor-advisoryx_refsource_GENTOO |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://www.intel.com/content/www/us/en/security-… | x_refsource_MISC |
| https://support.f5.com/csp/article/K02912734?utm_… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/155375/Slack… | x_refsource_MISC |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 2019.2 IPU – TSX Asynchronous Abort |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/26"
},
{
"name": "openSUSE-SU-2019:2527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html"
},
{
"name": "openSUSE-SU-2019:2528",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html"
},
{
"name": "FEDORA-2019-376ec5c107",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "RHSA-2019:3936",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3936"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "FEDORA-2019-cbb732f760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "[oss-security] 20191210 CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/3"
},
{
"name": "[oss-security] 20191210 Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/4"
},
{
"name": "[oss-security] 20191211 Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/1"
},
{
"name": "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/28"
},
{
"name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2710",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html"
},
{
"name": "RHSA-2020:0026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0026"
},
{
"name": "RHSA-2020:0028",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0028"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "RHSA-2020:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0279"
},
{
"name": "RHSA-2020:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0366"
},
{
"name": "RHSA-2020:0555",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0555"
},
{
"name": "RHSA-2020:0666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0666"
},
{
"name": "RHSA-2020:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K02912734?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03968en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10306"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-11135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T18:20:56.050662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:21:00.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 TSX Asynchronous Abort",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:00.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/26"
},
{
"name": "openSUSE-SU-2019:2527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html"
},
{
"name": "openSUSE-SU-2019:2528",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html"
},
{
"name": "FEDORA-2019-376ec5c107",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "RHSA-2019:3936",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3936"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "FEDORA-2019-cbb732f760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "[oss-security] 20191210 CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/3"
},
{
"name": "[oss-security] 20191210 Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/4"
},
{
"name": "[oss-security] 20191211 Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/1"
},
{
"name": "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/28"
},
{
"name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2710",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html"
},
{
"name": "RHSA-2020:0026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0026"
},
{
"name": "RHSA-2020:0028",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0028"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "RHSA-2020:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0279"
},
{
"name": "RHSA-2020:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0366"
},
{
"name": "RHSA-2020:0555",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0555"
},
{
"name": "RHSA-2020:0666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0666"
},
{
"name": "RHSA-2020:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K02912734?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03968en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 TSX Asynchronous Abort",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/26"
},
{
"name": "openSUSE-SU-2019:2527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html"
},
{
"name": "openSUSE-SU-2019:2528",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html"
},
{
"name": "FEDORA-2019-376ec5c107",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "RHSA-2019:3936",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3936"
},
{
"name": "USN-4186-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "FEDORA-2019-cbb732f760",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "[oss-security] 20191210 CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/3"
},
{
"name": "[oss-security] 20191210 Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/4"
},
{
"name": "[oss-security] 20191211 Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/1"
},
{
"name": "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/28"
},
{
"name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2710",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html"
},
{
"name": "RHSA-2020:0026",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0026"
},
{
"name": "RHSA-2020:0028",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0028"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "RHSA-2020:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0279"
},
{
"name": "RHSA-2020:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0366"
},
{
"name": "RHSA-2020:0555",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0555"
},
{
"name": "RHSA-2020:0666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0666"
},
{
"name": "RHSA-2020:0730",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
},
{
"name": "https://support.f5.com/csp/article/K02912734?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K02912734?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03968en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03968en_us"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10306",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11135",
"datePublished": "2019-11-14T18:19:25.000Z",
"dateReserved": "2019-04-11T00:00:00.000Z",
"dateUpdated": "2026-05-28T18:21:00.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…