Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-6607 (GCVE-0-2015-6607)
Vulnerability from cvelistv5 – Published: 2015-10-06 17:00 – Updated: 2024-08-06 07:29
VLAI?
EPSS
Summary
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:22.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-24T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76970"
},
{
"name": "https://android-review.googlesource.com/#/c/145961/",
"refsource": "CONFIRM",
"url": "https://android-review.googlesource.com/#/c/145961/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2015-6607",
"datePublished": "2015-10-06T17:00:00.000Z",
"dateReserved": "2015-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:29:22.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-6607\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2015-10-06T17:59:25.993\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.\"},{\"lang\":\"es\",\"value\":\"SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocido como error interno 20099586.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.8.3\",\"matchCriteriaId\":\"E85F71C2-BD0B-4836-9592-FFAF0ED69A1A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/76970\",\"source\":\"security@android.com\"},{\"url\":\"https://android-review.googlesource.com/#/c/145961/\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/76970\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android-review.googlesource.com/#/c/145961/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CNVD-2015-06515
Vulnerability from cnvd - Published: 2015-10-15
VLAI Severity ?
Title
SQLite权限提升漏洞
Description
SQLite是美国软件开发者D.Richard Hipp所研发的一套基于C语言的开源嵌入式关系数据库管理系统。该系统具有独立性、隔离性、可跨平台等特点。
SQLite 3.8.9之前的版本存在权限提升漏洞,允许攻击者通过精心编制的应用程序获得权限。
Severity
中
Patch Name
SQLite权限提升漏洞的补丁
Patch Description
SQLite是美国软件开发者D.Richard Hipp所研发的一套基于C语言的开源嵌入式关系数据库管理系统。该系统具有独立性、隔离性、可跨平台等特点。
SQLite 3.8.9之前的版本存在权限提升漏洞,允许攻击者通过精心编制的应用程序获得权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ
Reference
https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ
Impacted products
| Name | Sqlite Sqlite <3.8.9 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-6607"
}
},
"description": "SQLite\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005D.Richard Hipp\u6240\u7814\u53d1\u7684\u4e00\u5957\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90\u5d4c\u5165\u5f0f\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5177\u6709\u72ec\u7acb\u6027\u3001\u9694\u79bb\u6027\u3001\u53ef\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nSQLite 3.8.9\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u83b7\u5f97\u6743\u9650\u3002",
"discovererName": "unknown",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-06515",
"openTime": "2015-10-15",
"patchDescription": "SQLite\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005D.Richard Hipp\u6240\u7814\u53d1\u7684\u4e00\u5957\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90\u5d4c\u5165\u5f0f\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5177\u6709\u72ec\u7acb\u6027\u3001\u9694\u79bb\u6027\u3001\u53ef\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nSQLite 3.8.9\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u83b7\u5f97\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SQLite\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Sqlite Sqlite \u003c3.8.9"
},
"referenceLink": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ",
"serverity": "\u4e2d",
"submitTime": "2015-10-08",
"title": "SQLite\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
GHSA-WF9W-9WMC-7FPV
Vulnerability from github – Published: 2022-05-17 02:53 – Updated: 2025-04-12 12:52
VLAI?
Details
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
{
"affected": [],
"aliases": [
"CVE-2015-6607"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-06T17:59:00Z",
"severity": "MODERATE"
},
"details": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.",
"id": "GHSA-wf9w-9wmc-7fpv",
"modified": "2025-04-12T12:52:36Z",
"published": "2022-05-17T02:53:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6607"
},
{
"type": "WEB",
"url": "https://android-review.googlesource.com/#/c/145961"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76970"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2015-AVI-418
Vulnerability from certfr_avis - Published: 2015-10-06 - Updated: 2015-10-06
De multiples vulnérabilités ont été corrigées dans Google Nexus. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android M versions ant\u00e9rieures au correctif de s\u00e9curit\u00e9 d\u0027Octobre 2015",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Nexus versions ant\u00e9rieures \u00e0 5.1.1 (LMY48T)",
"product": {
"name": "N/A",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6605",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6605"
},
{
"name": "CVE-2015-3869",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3869"
},
{
"name": "CVE-2015-3876",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3876"
},
{
"name": "CVE-2015-6596",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6596"
},
{
"name": "CVE-2015-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3874"
},
{
"name": "CVE-2015-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6606"
},
{
"name": "CVE-2015-6604",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6604"
},
{
"name": "CVE-2015-6598",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6598"
},
{
"name": "CVE-2015-6601",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6601"
},
{
"name": "CVE-2015-3870",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3870"
},
{
"name": "CVE-2014-9082",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9082"
},
{
"name": "CVE-2015-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3862"
},
{
"name": "CVE-2015-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3823"
},
{
"name": "CVE-2015-3878",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3878"
},
{
"name": "CVE-2015-3877",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3877"
},
{
"name": "CVE-2015-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3847"
},
{
"name": "CVE-2015-3873",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3873"
},
{
"name": "CVE-2015-6607",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6607"
},
{
"name": "CVE-2015-6599",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6599"
},
{
"name": "CVE-2015-3865",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3865"
},
{
"name": "CVE-2015-3871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3871"
},
{
"name": "CVE-2015-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3868"
},
{
"name": "CVE-2015-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3875"
},
{
"name": "CVE-2015-3867",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3867"
},
{
"name": "CVE-2015-3872",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3872"
},
{
"name": "CVE-2015-6600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6600"
},
{
"name": "CVE-2015-6602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6602"
},
{
"name": "CVE-2015-3879",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3879"
},
{
"name": "CVE-2015-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3863"
}
],
"initial_release_date": "2015-10-06T00:00:00",
"last_revision_date": "2015-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-418",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Nexus\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Nexus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Nexus du 05 octobre 2015",
"url": "https://groups.google.com/forum/#!topic/android-security-updates/_Rm-lKnS2M8"
}
]
}
CERTFR-2020-AVI-645
Vulnerability from certfr_avis - Published: 2020-10-15 - Updated: 2020-10-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS NFX Series versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.4.0 | ||
| Juniper Networks | N/A | Juniper Networks Junos Space et Junos Space Security Director versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS MX series et EX9200 Series versions antérieures à 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions antérieures à 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3 | ||
| Juniper Networks | Junos OS | Junos OS SRX Series versions antérieures à 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2 | ||
| Juniper Networks | Junos OS | Junos OS MX Series versions antérieures à 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS NFX Series versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX series et EX9200 Series versions ant\u00e9rieures \u00e0 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions ant\u00e9rieures \u00e0 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS SRX Series versions ant\u00e9rieures \u00e0 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX Series versions ant\u00e9rieures \u00e0 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1661"
},
{
"name": "CVE-2020-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7450"
},
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2019-15875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15875"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2008-6592",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6592"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2020-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1657"
},
{
"name": "CVE-2020-1682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1682"
},
{
"name": "CVE-2019-5599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5599"
},
{
"name": "CVE-2013-7443",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7443"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2015-6607",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6607"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2015-5895",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5895"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2020-10188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10188"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2017-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13685"
},
{
"name": "CVE-2019-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
},
{
"name": "CVE-2008-6589",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6589"
},
{
"name": "CVE-2020-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1656"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1665",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1665"
},
{
"name": "CVE-2016-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6153"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2017-15286",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15286"
},
{
"name": "CVE-2020-1660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1660"
},
{
"name": "CVE-2019-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6593"
},
{
"name": "CVE-2008-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6593"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2008-6590",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6590"
},
{
"name": "CVE-2019-5610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5610"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2020-1662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1662"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
}
],
"initial_release_date": "2020-10-15T00:00:00",
"last_revision_date": "2020-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-645",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11055 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11055\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11050 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11050\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11079 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11079\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11053 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11053\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11059 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11059\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11049 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11049\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11046 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11046\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11048 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11048\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11057 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11057\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11054 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11054\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11062 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11062\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11056 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11056\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11045 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11045\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11058 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11058\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11047 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11047\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GSD-2015-6607
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-6607",
"description": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.",
"id": "GSD-2015-6607"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-6607"
],
"details": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.",
"id": "GSD-2015-6607",
"modified": "2023-12-13T01:20:04.368172Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "76970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76970"
},
{
"name": "https://android-review.googlesource.com/#/c/145961/",
"refsource": "CONFIRM",
"url": "https://android-review.googlesource.com/#/c/145961/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.8.8.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-6607"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"name": "https://android-review.googlesource.com/#/c/145961/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
},
{
"name": "76970",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/76970"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-03-25T01:59Z",
"publishedDate": "2015-10-06T17:59Z"
}
}
}
FKIE_CVE-2015-6607
Vulnerability from fkie_nvd - Published: 2015-10-06 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
References
| URL | Tags | ||
|---|---|---|---|
| security@android.com | http://www.securityfocus.com/bid/76970 | ||
| security@android.com | https://android-review.googlesource.com/#/c/145961/ | Vendor Advisory | |
| security@android.com | https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76970 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://android-review.googlesource.com/#/c/145961/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E85F71C2-BD0B-4836-9592-FFAF0ED69A1A",
"versionEndIncluding": "3.8.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586."
},
{
"lang": "es",
"value": "SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocido como error interno 20099586."
}
],
"id": "CVE-2015-6607",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-06T17:59:25.993",
"references": [
{
"source": "security@android.com",
"url": "http://www.securityfocus.com/bid/76970"
},
{
"source": "security@android.com",
"tags": [
"Vendor Advisory"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
},
{
"source": "security@android.com",
"tags": [
"Vendor Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://android-review.googlesource.com/#/c/145961/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ"
}
],
"sourceIdentifier": "security@android.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Summary
B&R Automation Studio Update of SQLite version
Notes
Summary
ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component.
Although no successful exploitation was observed during testing of the affected B&R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution.
Support
For additional instructions and support please contact your local B&R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/.
Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by B&R.
B&R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B&R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B&R or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from B&R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
General security recommendations
For any installation of software related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:
– Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general purpose network (e.g. office or home networks).
– Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
– Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.
– Scan all data imported into your environment before use to detect potential malware infections.
– Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.
– Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.
– When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
More information on recommended practices can be found in the following documents:
Defense in Depth for B&R products - https://www.br-automation.com/fileadmin/Cyber_Security_-_Defense_in_Depth_for_BR_Products-bdd37e82.pdf
Purpose
B&R has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.
When a potential product vulnerability is identified or reported, B&R immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.
The resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If B&R is aware of any specific threats, it will be clearly mentioned in the communication.
The publication of this Cyber Security Advisory is an example of B&R’s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component.\n\nAlthough no successful exploitation was observed during testing of the affected B\u0026R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution.\n",
"title": "Summary"
},
{
"category": "other",
"text": "For additional instructions and support please contact your local B\u0026R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/.\n\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.\n\n",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice, and should not be construed as a commitment by B\u0026R.\n\nB\u0026R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B\u0026R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B\u0026R or its suppliers have been advised of the possibility of such damages.\n\nThis document and parts hereof must not be reproduced or copied without written permission from B\u0026R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\n\nAll rights to registrations and trademarks reside with their respective owners.",
"title": "Notice"
},
{
"category": "other",
"text": "For any installation of software related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n\n\u2013 Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general purpose network (e.g. office or home networks).\n\n\u2013 Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n\n\u2013 Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n\n\u2013 Scan all data imported into your environment before use to detect potential malware infections.\n\n\u2013 Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.\n\n\u2013 Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n\n\u2013 When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\n\nMore information on recommended practices can be found in the following documents:\n\nDefense in Depth for B\u0026R products - https://www.br-automation.com/fileadmin/Cyber_Security_-_Defense_in_Depth_for_BR_Products-bdd37e82.pdf\n",
"title": "General security recommendations"
},
{
"category": "other",
"text": "B\u0026R has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.\n\nWhen a potential product vulnerability is identified or reported, B\u0026R immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.\n\nThe resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If B\u0026R is aware of any specific threats, it will be clearly mentioned in the communication.\n\nThe publication of this Cyber Security Advisory is an example of B\u0026R\u2019s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.",
"title": "Purpose"
}
],
"publisher": {
"category": "vendor",
"name": "ABB PSIRT",
"namespace": "https://www.abb.com/global/en/company/about/cybersecurity/alerts-and-notifications"
},
"references": [
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - PDF Version ",
"url": "https://www.br-automation.com/fileadmin/SA25P007-097a386d.pdf"
},
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - CSAF Version ",
"url": "https://psirt.abb.com/csaf/2026/sa25p007.json"
}
],
"title": "B\u0026R Automation Studio Update of SQLite version",
"tracking": {
"current_release_date": "2026-02-18T00:30:00.000Z",
"generator": {
"date": "2026-02-18T11:44:03.289Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.43"
}
},
"id": "SA25P007",
"initial_release_date": "2026-02-18T00:30:00.000Z",
"revision_history": [
{
"date": "2026-02-18T00:30:00.000Z",
"legacy_version": "A",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.5",
"product": {
"name": "ABB B\u0026R Automation Studio \u003c6.5",
"product_id": "AV1"
}
},
{
"category": "product_version",
"name": "6.5",
"product": {
"name": "ABB B\u0026R Automation Studio 6.5",
"product_id": "FX1"
}
}
],
"category": "product_name",
"name": "B\u0026R Automation Studio"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-3277",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability exists in SQLite\u0027s concat_ws() function that can lead to a massive heap buffer overflow. When triggered, the integer overflow results in a truncated size value being used for buffer allocation, while the original untruncated size is used for writing the resulting string, causing a heap buffer overflow of approximately 4GB.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-3277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2025-3277"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-7104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2022-35737",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-35737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2020-15358",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-15358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-13632",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13632"
},
{
"cve": "CVE-2020-13631",
"cwe": {
"id": "CWE-286",
"name": "Incorrect User Management"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13631"
},
{
"cve": "CVE-2020-13630",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13630"
},
{
"cve": "CVE-2020-13435",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13435"
},
{
"cve": "CVE-2020-13434",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-11656",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-11656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-11656"
},
{
"cve": "CVE-2020-11655",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\u0027s initialization is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-11655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-11655"
},
{
"cve": "CVE-2019-19646",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-19646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-19646"
},
{
"cve": "CVE-2019-19645",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-19645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-19645"
},
{
"cve": "CVE-2019-8457",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-8457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-8457"
},
{
"cve": "CVE-2018-20506",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allow-ing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20506"
},
{
"cve": "CVE-2018-20505",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20505",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20505"
},
{
"cve": "CVE-2018-20346",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20346"
},
{
"cve": "CVE-2018-8740",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-8740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-8740"
},
{
"cve": "CVE-2017-10989",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mis-handles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly un-specified other impact.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2017-10989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2017-10989"
},
{
"cve": "CVE-2016-6153",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2016-6153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2016-6153"
},
{
"cve": "CVE-2015-6607",
"cwe": {
"id": "CWE-286",
"name": "Incorrect User Management"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-6607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6607"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.4,
"environmentalSeverity": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.4,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-6607"
},
{
"cve": "CVE-2015-5895",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown im-pact and attack vectors.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-5895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-5895"
},
{
"cve": "CVE-2015-3717",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via un-specified vectors.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-3717"
},
{
"cve": "CVE-2015-3416",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-3416"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…