Vulnerabilities > Oracle > Mysql Workbench > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
7.5
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in multiple products
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
7.5
2020-01-21 CVE-2019-20388 Memory Leak vulnerability in multiple products
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
7.5
2020-01-02 CVE-2019-20218 Improper Handling of Exceptional Conditions vulnerability in multiple products
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
network
low complexity
sqlite debian canonical oracle CWE-755
7.5
2019-12-24 CVE-2019-19925 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
7.5
2019-12-24 CVE-2019-19923 NULL Pointer Dereference vulnerability in multiple products
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view.
7.5
2019-12-23 CVE-2019-19926 NULL Pointer Dereference vulnerability in multiple products
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls.
7.5
2019-12-18 CVE-2019-19880 NULL Pointer Dereference vulnerability in multiple products
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
7.5
2019-12-10 CVE-2019-14889 OS Command Injection vulnerability in multiple products
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8.
8.8
2019-12-09 CVE-2019-19603 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
network
low complexity
sqlite oracle siemens apache netapp
7.5