Oracle » Communications Network Charging And Control » 6.0.1 : Security Vulnerabilities, CVEs,
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Max CVSS
5.5
EPSS Score
0.07%
Published
2021-03-23
Updated
2022-11-16
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Max CVSS
5.5
EPSS Score
0.16%
Published
2020-06-27
Updated
2022-05-12
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
Max CVSS
7.5
EPSS Score
0.98%
Published
2020-06-06
Updated
2022-05-13
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Max CVSS
5.5
EPSS Score
0.09%
Published
2020-05-27
Updated
2022-05-13
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-27
Updated
2022-05-13
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Max CVSS
7.0
EPSS Score
0.06%
Published
2020-05-27
Updated
2022-05-13
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Max CVSS
5.5
EPSS Score
0.13%
Published
2020-05-24
Updated
2023-01-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Max CVSS
9.8
EPSS Score
1.08%
Published
2020-04-09
Updated
2022-04-08
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Max CVSS
7.5
EPSS Score
1.64%
Published
2020-04-09
Updated
2022-04-08
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Max CVSS
8.1
EPSS Score
4.40%
Published
2020-04-07
Updated
2021-02-22
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
Max CVSS
8.1
EPSS Score
5.02%
Published
2020-04-07
Updated
2021-02-22
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-31
Updated
2021-12-10
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-31
Updated
2021-12-10
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-31
Updated
2021-12-10
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-26
Updated
2021-12-07
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-26
Updated
2021-12-07
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Max CVSS
8.8
EPSS Score
1.12%
Published
2020-03-18
Updated
2023-09-13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
Max CVSS
8.8
EPSS Score
1.12%
Published
2020-03-18
Updated
2021-12-07
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Max CVSS
9.8
EPSS Score
0.41%
Published
2020-03-02
Updated
2023-09-13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Max CVSS
9.8
EPSS Score
0.71%
Published
2020-03-02
Updated
2023-09-13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-03-02
Updated
2021-12-02
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Max CVSS
7.5
EPSS Score
1.05%
Published
2020-02-21
Updated
2022-04-08
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Max CVSS
9.8
EPSS Score
0.63%
Published
2020-01-03
Updated
2023-09-13
23 vulnerabilities found