Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-24	CVE-2019-19925	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-434	5.0
2019-12-24	CVE-2019-19924	Improper Handling of Exceptional Conditions vulnerability in multiple products SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. network low complexity sqlite siemens apache oracle netapp CWE-755	5.3
2019-12-24	CVE-2019-19923	NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-476	5.0
2019-12-23	CVE-2019-19926	NULL Pointer Dereference vulnerability in multiple products multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. network low complexity sqlite siemens oracle debian redhat opensuse suse netapp CWE-476	5.0
2019-12-18	CVE-2019-19880	NULL Pointer Dereference vulnerability in multiple products exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. network low complexity sqlite netapp debian suse redhat opensuse oracle siemens CWE-476	5.0
2019-11-27	CVE-2019-19242	NULL Pointer Dereference vulnerability in multiple products SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. network sqlite canonical redhat oracle siemens CWE-476	4.3
2019-11-25	CVE-2019-19244	sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. network low complexity sqlite canonical oracle siemens	5.0
2019-09-09	CVE-2019-16168	Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." network low complexity sqlite netapp canonical fedoraproject debian tenable oracle mcafee CWE-369	6.5
2019-05-10	CVE-2019-5018	Use After Free vulnerability in multiple products An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. network sqlite canonical CWE-416	6.8
2019-04-03	CVE-2018-20506	Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). network sqlite apple opensuse CWE-190	6.8