Shodan
Vulnerabilities
Vulnerable Software
Oracle:  >> Communications Network Charging And Control  >> 6.0.1  Security Vulnerabilities
CVE-2021-20227
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-03-23
CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-27
CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVSS Score
7.5
EPSS Score
0.023
Published
2020-06-06
CVE-2020-13632
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-05-27
CVE-2020-13630
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-05-27
CVE-2020-13631
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-05-27
CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-05-24
CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVSS Score
7.5
EPSS Score
0.074
Published
2020-04-09
CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVSS Score
9.8
EPSS Score
0.081
Published
2020-04-09
CVE-2020-11619
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVSS Score
8.1
EPSS Score
0.018
Published
2020-04-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved