Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3F6F3A7D0E2060BE15E163DF639CBCA1D6926CD91548FE9D0F3D6794F08655F6
HistoryDec 20, 2019 - 2:02 p.m.

Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local

2019-12-2014:02:58
www.ibm.com
29

0.9 High

EPSS

Percentile

98.8%

JSON

Summary

Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local

Vulnerability Details

CVEID:CVE-2019-9936
**DESCRIPTION:**In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158904 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2019-9937
**DESCRIPTION:**In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-8740
**DESCRIPTION:**In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140476 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-8457
**DESCRIPTION:**SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-16168
**DESCRIPTION:**In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a “severe division by zero in the query planner.”
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166986 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-5018
**DESCRIPTION:**An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160854 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2018-20346
**DESCRIPTION:**Multiple issues in SQLite via WebSQL in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-19317
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by an error in lookupName in resolve.c. By providing specially crafted input, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172670 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-19242
**DESCRIPTION:**SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172151 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-19244
**DESCRIPTION:**sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172196 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Studio - Local 1.2.3

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Watson Studio Local 2.1 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;
IBM Cloud Pak for Data 2.5 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm watson studio localeq1.2.3

Related

nessus 45
cloudfoundry 3
openvas 32
ubuntu 3
ibm 15
fedora 8
mageia 3
gentoo 2
suse 5
osv 9
debian 2
cvelist 7
prion 7
alpinelinux 5
ubuntucve 7
photon 2
cve 8
sqlite 1
nvd 7
debiancve 8
redhatcve 7
symantec 2
cbl_mariner 3
veracode 6
checkpoint_advisories 1
freebsd 1
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : SQLite vulnerabilities (USN-4205-1)
2019-12-03 00:00:00
GLSA-201908-09 : SQLite: Multiple vulnerabilities
2019-08-20 00:00:00
Photon OS 1.0: Sqlite PHSA-2019-1.0-0228
2019-05-14 00:00:00
cloudfoundry
cloudfoundry
USN-4205-1: SQLite vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
USN-4019-1: SQLite vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
USN-4004-1: Berkeley DB vulnerability | Cloud Foundry
2019-06-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4205-1)
2019-12-03 00:00:00
Fedora Update for sqlite FEDORA-2019-b1636e0b70
2019-12-08 00:00:00
Mageia: Security Advisory (MGASA-2019-0240)
2022-01-28 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2019-12-02 00:00:00
SQLite vulnerabilities
2019-06-19 00:00:00
Berkeley DB vulnerability
2019-06-04 00:00:00
ibm
ibm
Security Bulletin: Addressing the Sqlite Vulnerability CVE-2019-16168, CVE-2019-19242 and CVE-2019-19244
2020-03-03 14:28:29
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
2020-03-01 17:02:58
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
2020-10-09 16:57:01
fedora
fedora
[SECURITY] Fedora 30 Update: sqlite-3.26.0-7.fc30
2019-12-05 01:12:09
[SECURITY] Fedora 30 Update: sqlite-3.26.0-6.fc30
2019-07-27 01:40:44
[SECURITY] Fedora 29 Update: sqlite-3.26.0-4.fc29
2019-08-08 01:53:28
mageia
mageia
Updated sqlite3 packages fix security vulnerabilities
2019-09-07 00:09:08
Updated sqlite3 packages fix security vulnerabilities
2020-01-30 21:28:34
Updated sqlite3 packages fix security vulnerability
2018-12-27 02:08:41
gentoo
gentoo
SQLite: Multiple vulnerabilities
2019-08-15 00:00:00
SQLite: Remote code execution
2019-04-22 00:00:00
suse
suse
Security update for sqlite3 (moderate)
2019-05-10 00:00:00
Security update for sqlite3 (moderate)
2019-10-08 00:00:00
Security update for sqlite3 (moderate)
2019-04-05 00:00:00
osv
osv
sqlite3 - security update
2020-08-22 00:00:00
CVE-2019-19244
2019-11-25 20:15:11
CVE-2019-19317
2019-12-05 14:15:09
debian
debian
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
[SECURITY] [DLA 1613-1] sqlite3 security update
2018-12-22 00:38:40
cvelist
cvelist
CVE-2019-19242
2019-11-25 15:30:11
CVE-2019-19317
2019-12-05 13:53:16
CVE-2019-19244
2019-11-25 19:32:38
prion
prion
Design/Logic Flaw
2019-12-05 14:15:00
Code injection
2019-11-27 17:15:00
Sql injection
2019-11-25 20:15:00
alpinelinux
alpinelinux
CVE-2019-19242
2019-11-27 17:15:14
CVE-2019-19317
2019-12-05 14:15:00
CVE-2018-20346
2018-12-21 21:29:00
ubuntucve
ubuntucve
CVE-2019-19242
2019-11-26 00:00:00
CVE-2019-19317
2019-12-05 00:00:00
CVE-2019-16168
2019-09-09 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0270
2020-01-30 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0231
2019-05-03 00:00:00
cve
cve
CVE-2019-19244
2019-11-25 20:15:11
CVE-2019-19317
2019-12-05 14:15:09
CVE-2019-19242
2019-11-27 17:15:14
sqlite
sqlite
SQLite report about CVE-2019-19317
2019-01-01 00:00:00
nvd
nvd
CVE-2019-19242
2019-11-27 17:15:14
CVE-2019-19317
2019-12-05 14:15:09
CVE-2019-19244
2019-11-25 20:15:11
debiancve
debiancve
CVE-2019-19317
2019-12-05 14:15:09
CVE-2019-19242
2019-11-27 17:15:14
CVE-2019-19244
2019-11-25 20:15:11
redhatcve
redhatcve
CVE-2019-19242
2019-12-02 17:18:33
CVE-2019-19317
2019-12-16 18:41:52
CVE-2019-19244
2019-11-28 18:47:50
symantec
symantec
SQLite CVE-2019-19317 Denial of Service Vulnerability
2019-11-22 00:00:00
SQLite CVE-2019-16168 Denial of Service Vulnerability
2019-11-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-20346 affecting package ceph for versions less than 18.2.1-1
2024-04-17 22:02:46
CVE-2019-16168 affecting package ceph for versions less than 18.2.1-1
2024-04-17 22:02:46
CVE-2019-8457 affecting package ceph for versions less than 18.2.1-1
2024-04-17 22:02:46
veracode
veracode
Denial Of Service (DoS)
2019-09-10 03:36:37
Arbitrary Code Execution
2020-12-06 04:38:06
Information Disclosure
2020-12-06 04:39:01
checkpoint_advisories
checkpoint_advisories
SQLite FTS Integer Overflow (CVE-2018-20346)
2019-01-15 00:00:00
freebsd
freebsd
SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-03-16 00:00:00

0.9 High

EPSS

Percentile

98.8%

JSON
Related for 3F6F3A7D0E2060BE15E163DF639CBCA1D6926CD91548FE9D0F3D6794F08655F6
nessus45cloudfoundry3openvas32ubuntu3ibm15fedora8mageia3gentoo2suse5osv9debian2cvelist7prion7alpinelinux5ubuntucve7photon2cve8sqlite1nvd7debiancve8redhatcve7symantec2cbl_mariner3veracode6checkpoint_advisories1freebsd1