Open mend-for-github-com[bot] opened 1 year ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
Vulnerable Library - sqlite-amalgamation3.25.3
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c /release/src/router/sqlite/sqlite3.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2019-19646
### Vulnerable Library - sqlite-amalgamation3.25.3
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c /release/src/router/sqlite/sqlite3.c
### Vulnerability Details
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Publish Date: 2019-12-09
URL: CVE-2019-19646
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19646
Release Date: 2019-12-09
Fix Resolution: 3.31.0
CVE-2020-11656
### Vulnerability Details
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Publish Date: 2020-04-09
URL: CVE-2020-11656
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Release Date: 2020-04-09
Fix Resolution: version-3.32.0
CVE-2019-8457
### Vulnerability Details
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Publish Date: 2019-05-30
URL: CVE-2019-8457
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.sqlite.org/releaselog/3_28_0.html
Release Date: 2019-05-30
Fix Resolution: 3.28.0
CVE-2018-20505
### Vulnerability Details
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Publish Date: 2019-04-03
URL: CVE-2018-20505
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.sqlite.org/releaselog/3_26_0.html
Release Date: 2019-04-03
Fix Resolution: 3.26.0
CVE-2020-11655
### Vulnerability Details
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Publish Date: 2020-04-09
URL: CVE-2020-11655
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Release Date: 2020-04-09
Fix Resolution: 3.32.3
CVE-2020-13630
### Vulnerability Details
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Publish Date: 2020-05-27
URL: CVE-2020-13630
### CVSS 3 Score Details (7.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630
Release Date: 2020-05-27
Fix Resolution: 3.32.0
CVE-2019-16168
### Vulnerability Details
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Publish Date: 2019-09-09
URL: CVE-2019-16168
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
Release Date: 2019-09-09
Fix Resolution: 3.30.0
CVE-2020-13631
### Vulnerability Details
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Publish Date: 2020-05-27
URL: CVE-2020-13631
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
Release Date: 2020-05-27
Fix Resolution: 3.32.0
CVE-2020-13434
### Vulnerability Details
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Publish Date: 2020-05-24
URL: CVE-2020-13434
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434
Release Date: 2020-05-24
Fix Resolution: 3.32.1
CVE-2020-13632
### Vulnerability Details
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Publish Date: 2020-05-27
URL: CVE-2020-13632
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632
Release Date: 2020-05-27
Fix Resolution: 3.32.0
CVE-2020-13435
### Vulnerability Details
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Publish Date: 2020-05-24
URL: CVE-2020-13435
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435
Release Date: 2020-05-24
Fix Resolution: 3.32.1
CVE-2019-19645
### Vulnerability Details
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Publish Date: 2019-12-09
URL: CVE-2019-19645
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645
Release Date: 2019-12-09
Fix Resolution: 3.31.0