Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2019-8457

Published: 30/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Sqlite

Vulnerability Summary

It exists that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sqlite sqlite

canonical ubuntu linux 16.04

opensuse leap 42.3

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

fedoraproject fedora 29

fedoraproject fedora 30

canonical ubuntu linux 14.04

Vendor Advisories

Red Hat: Moderate: sqlite security and bug fix update
Synopsis Moderate: sqlite security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for sqlite is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update
Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Securi ...
Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Debian CVElist Bug Report Logs: sqlite3: CVE-2019-8457
Debian Bug report logs - #929775 sqlite3: CVE-2019-8457 Package: src:sqlite3; Maintainer for src:sqlite3 is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 30 May 2019 20:39:01 UTC Severity: important Tags: security, upstream Found in versions sqlite3/327 ...
Debian CVElist Bug Report Logs: sqlite3: CVE-2019-5018: Window Function Remote Code Execution Vulnerability
Debian Bug report logs - #928770 sqlite3: CVE-2019-5018: Window Function Remote Code Execution Vulnerability Package: src:sqlite3; Maintainer for src:sqlite3 is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 10 May 2019 19:09:01 UTC Severity: grave Tags: se ...
Ubuntu Security Notice: db5.3 vulnerability
Berkeley DB could be made to expose sensitive information ...
Ubuntu Security Notice: sqlite3 vulnerabilities
Several security issues were fixed in SQLite ...
Ubuntu Security Notice: db5.3 vulnerability
Berkeley DB could be made to expose sensitive information ...
Ubuntu Security Notice: sqlite3 vulnerabilities
Several security issues were fixed in SQLite ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/ski1204/overstock_test

challenges for an interview

Challenge 1: Python Docker Test The goal of this challenge is to assess how you resolve vulnerabilities within a docker image The dockerfile builds into a docker image that contains the following vulnerabilities CVE-2018-18074 CVE-2019-8457 CVE-2018-12699 The organization allows applications with high severity vulnerabilities to be released, but nothing more severe than hig

https://github.com/colonelmeow/appsecctf

appseccft CTF Anwers Challenge 1: Answers and Notes: 1 There are several things that can be addressed with this application CVE-2018-18074 can be addressed by modifying the requirements file to install requests=2220 rather than the vulnerable version Also there are a lot of package imports in the script itself that aren't being used, and should be removed until they

https://github.com/frida963/ThousandEyesChallenge

ThousandEyesChallenge Documentation To run the docker image, extract the archive (ThousandEyesAPIzip) and proceed to build and run the Docker image using the provided Dockerfile Next are the steps followed to create the code and the docker image API code Initialize a new virtual environment python -m venv env source env/bin/activate

References

CWE-125https://www.sqlite.org/src/info/90acdbfce9c08858https://www.sqlite.org/releaselog/3_28_0.htmlhttps://usn.ubuntu.com/4004-1/https://usn.ubuntu.com/4004-2/https://security.netapp.com/advisory/ntap-20190606-0002/https://usn.ubuntu.com/4019-1/https://usn.ubuntu.com/4019-2/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10365https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:1810https://github.com/ski1204/overstock_testhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10https://usn.ubuntu.com/4004-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook