ID

VAR-201504-0477


CVE

CVE-2015-3414


TITLE

SQLite Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002489

DESCRIPTION

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. There is a security vulnerability in SQLite versions prior to 3.8.9. The vulnerability is caused by the program not correctly handling the 'dequote' operation of the collation-sequence name. ============================================================================ Ubuntu Security Notice USN-2698-1 July 30, 2015 sqlite3 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: SQLite could be made to crash or run programs if it processed specially crafted queries. Software Description: - sqlite3: C library that implements an SQL database engine Details: It was discovered that SQLite incorrectly handled skip-scan optimization. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443) Michal Zalewski discovered that SQLite incorrectly handled dequoting of collation-sequence names. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3414) Michal Zalewski discovered that SQLite incorrectly implemented comparison operators. This issue only affected Ubuntu 15.04. (CVE-2015-3415) Michal Zalewski discovered that SQLite incorrectly handle printf precision and width values during floating-point conversions. (CVE-2015-3416) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libsqlite3-0 3.8.7.4-1ubuntu0.1 Ubuntu 14.04 LTS: libsqlite3-0 3.8.2-1ubuntu2.1 Ubuntu 12.04 LTS: libsqlite3-0 3.7.9-2ubuntu1.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2698-1 CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 Package Information: https://launchpad.net/ubuntu/+source/sqlite3/3.8.7.4-1ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.8.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/sqlite3/3.7.9-2ubuntu1.2 . For the stable distribution (jessie), these problems have been fixed in version 3.8.7.1-1+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 3.8.9-1. For the unstable distribution (sid), these problems have been fixed in version 3.8.9-1. We recommend that you upgrade your sqlite3 packages. The updated packages provides a solution for these security issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416 https://bugzilla.redhat.com/show_bug.cgi?id=1212353 https://bugzilla.redhat.com/show_bug.cgi?id=1212356 https://bugzilla.redhat.com/show_bug.cgi?id=1212357 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: adb7e2731d814af7948c8a65662e7c71 mbs1/x86_64/lemon-3.8.9-1.mbs1.x86_64.rpm 8c9620460c62d0f7d07bd5fee68ac038 mbs1/x86_64/lib64sqlite3_0-3.8.9-1.mbs1.x86_64.rpm f060fd3ca68302f59e47e9bc1b336d4b mbs1/x86_64/lib64sqlite3-devel-3.8.9-1.mbs1.x86_64.rpm 0fdd2e8a7456b51773b2a131534b9867 mbs1/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs1.x86_64.rpm 14682c0d09a3dc73f4405ee136c6115d mbs1/x86_64/sqlite3-tcl-3.8.9-1.mbs1.x86_64.rpm c2fc81b9162865ecdcef85aaa805507f mbs1/x86_64/sqlite3-tools-3.8.9-1.mbs1.x86_64.rpm 474e6b9bc6a7299f8ab34a90893bbd96 mbs1/SRPMS/sqlite3-3.8.9-1.mbs1.src.rpm Mandriva Business Server 2/X86_64: 44c4a002a3480388751603981327a21d mbs2/x86_64/lemon-3.8.9-1.mbs2.x86_64.rpm 9d2ded51447e5f133c37257635ef4f22 mbs2/x86_64/lib64sqlite3_0-3.8.9-1.mbs2.x86_64.rpm 42c8fce0126487fa0a72b4f5f1b5e852 mbs2/x86_64/lib64sqlite3-devel-3.8.9-1.mbs2.x86_64.rpm a93c0f348006f6675779bf7cd5c9f547 mbs2/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs2.x86_64.rpm 792f42a7a38d7947e7b5d0ea67510de2 mbs2/x86_64/sqlite3-tcl-3.8.9-1.mbs2.x86_64.rpm 947e30fcb8c4f19b1398d6e29adc29ac mbs2/x86_64/sqlite3-tools-3.8.9-1.mbs2.x86_64.rpm 150cb2acc870d5ca8a343f21edef4248 mbs2/SRPMS/sqlite3-3.8.9-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM) Entry added March 28, 2017 iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-6153 iTunes Available for: Windows 7 and later Impact: Multiple issues in expat Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 libxslt Available for: Windows 7 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-5029: Holger Fuhrmannek Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation. CVE-2017-2479: lokihardt of Google Project Zero CVE-2017-2480: lokihardt of Google Project Zero Entry added March 28, 2017 Installation note: iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj /zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/ YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+ lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE 9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo VkUmhXDNi0csm+QTi7ZP =hPjT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2015-198-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: f34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz Slackware 14.1 package: 6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz Slackware -current package: 020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz Slackware x86_64 -current package: 681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.43-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlWpWykACgkQakRjwEAQIjNnZQCggRIu0k8CJLXAS7PNYC6Sl8oh WDEAoIvnhdoPno9Yz/j/gOr6MqUljkpe =n4jG -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2015-3414 // JVNDB: JVNDB-2015-002489 // VULHUB: VHN-81375 // VULMON: CVE-2015-3414 // PACKETSTORM: 141808 // PACKETSTORM: 132898 // PACKETSTORM: 131788 // PACKETSTORM: 141796 // PACKETSTORM: 131696 // PACKETSTORM: 141937 // PACKETSTORM: 132742

AFFECTED PRODUCTS

vendor:sqlitemodel:sqlitescope:lteversion:3.8.8.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.4.42

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.6.10

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.5.26

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.5.0

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.4.0

Trust: 1.0

vendor:sqlitemodel:sqlitescope:ltversion:3.8.9

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:10.6.8 or later 10.11

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:sqlitemodel:sqlitescope:eqversion:3.8.8.3

Trust: 0.6

sources: JVNDB: JVNDB-2015-002489 // CNNVD: CNNVD-201504-504 // NVD: CVE-2015-3414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3414
value: HIGH

Trust: 1.0

NVD: CVE-2015-3414
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-504
value: HIGH

Trust: 0.6

VULHUB: VHN-81375
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3414
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3414
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81375
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81375 // VULMON: CVE-2015-3414 // JVNDB: JVNDB-2015-002489 // CNNVD: CNNVD-201504-504 // NVD: CVE-2015-3414

PROBLEMTYPE DATA

problemtype:CWE-908

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-81375 // JVNDB: JVNDB-2015-002489 // NVD: CVE-2015-3414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-504

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201504-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002489

PATCH

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205267url:https://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205213url:https://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:Fix a problem causing collation sequence names to be dequoted multiple times under some circumstances.url:https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2

Trust: 0.8

title:sqlite-autoconf-3080900url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55211

Trust: 0.6

title:sqlite-amalgamation-3080900url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55210

Trust: 0.6

title:Debian CVElist Bug Report Logs: sqlite3: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f3b20c41a92070ec876bf6271a150223

Trust: 0.1

title:Ubuntu Security Notice: sqlite3 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2698-1

Trust: 0.1

title:Red Hat: CVE-2015-3414url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3414

Trust: 0.1

title:Debian Security Advisories: DSA-3252-1 sqlite3 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=77154669f815221143233607dd8533ab

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-591url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-591

Trust: 0.1

title:Apple: iTunes 12.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a68da1048a006f5980c613c06ab6fbb6

Trust: 0.1

title:Apple: iTunes 12.6 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a2320462745411a5547ed48fe868a9a6

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-561url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-561

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-562url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-562

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-563url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-563

Trust: 0.1

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

sources: VULMON: CVE-2015-3414 // JVNDB: JVNDB-2015-002489 // CNNVD: CNNVD-201504-504

EXTERNAL IDS

db:NVDid:CVE-2015-3414

Trust: 3.3

db:SECTRACKid:1033703

Trust: 1.8

db:BIDid:74228

Trust: 1.8

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-002489

Trust: 0.8

db:CNNVDid:CNNVD-201504-504

Trust: 0.7

db:AUSCERTid:ESB-2020.3573.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3221

Trust: 0.6

db:AUSCERTid:ESB-2021.2412

Trust: 0.6

db:AUSCERTid:ESB-2020.3573

Trust: 0.6

db:PACKETSTORMid:131696

Trust: 0.2

db:PACKETSTORMid:131788

Trust: 0.2

db:PACKETSTORMid:133098

Trust: 0.1

db:PACKETSTORMid:132556

Trust: 0.1

db:VULHUBid:VHN-81375

Trust: 0.1

db:VULMONid:CVE-2015-3414

Trust: 0.1

db:PACKETSTORMid:141808

Trust: 0.1

db:PACKETSTORMid:132898

Trust: 0.1

db:PACKETSTORMid:141796

Trust: 0.1

db:PACKETSTORMid:141937

Trust: 0.1

db:PACKETSTORMid:132742

Trust: 0.1

sources: VULHUB: VHN-81375 // VULMON: CVE-2015-3414 // JVNDB: JVNDB-2015-002489 // PACKETSTORM: 141808 // PACKETSTORM: 132898 // PACKETSTORM: 131788 // PACKETSTORM: 141796 // PACKETSTORM: 131696 // PACKETSTORM: 141937 // PACKETSTORM: 132742 // CNNVD: CNNVD-201504-504 // NVD: CVE-2015-3414

REFERENCES

url:http://seclists.org/fulldisclosure/2015/apr/31

Trust: 2.6

url:http://www.ubuntu.com/usn/usn-2698-1

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.8

url:http://www.securityfocus.com/bid/74228

Trust: 1.8

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.8

url:https://support.apple.com/ht205213

Trust: 1.8

url:https://support.apple.com/ht205267

Trust: 1.8

url:https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3252

Trust: 1.8

url:https://security.gentoo.org/glsa/201507-05

Trust: 1.8

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:217

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-1635.html

Trust: 1.8

url:http://www.securitytracker.com/id/1033703

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3414

Trust: 1.0

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3414

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3415

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-3416

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-3414

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2021.3221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2412

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3573.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3573/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-7443

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5300

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-0718

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://gpgtools.org

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-6153

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-3270

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-6607

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-1283

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3717

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-6702

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4472

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.3

url:https://www.apple.com/itunes/download/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-1147

Trust: 0.3

url:http://www.debian.org/security/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3415

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3416

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39344

Trust: 0.1

url:https://usn.ubuntu.com/2698-1/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3414

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/sqlite3/3.8.7.4-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/sqlite3/3.8.2-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/sqlite3/3.7.9-2ubuntu1.2

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212353

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212356

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212357

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2480

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2479

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2383

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2463

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2325

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4644

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4644

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4643

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4643

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4642

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326

Trust: 0.1

sources: VULHUB: VHN-81375 // VULMON: CVE-2015-3414 // JVNDB: JVNDB-2015-002489 // PACKETSTORM: 141808 // PACKETSTORM: 132898 // PACKETSTORM: 131788 // PACKETSTORM: 141796 // PACKETSTORM: 131696 // PACKETSTORM: 141937 // PACKETSTORM: 132742 // CNNVD: CNNVD-201504-504 // NVD: CVE-2015-3414

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 141808 // PACKETSTORM: 141796 // PACKETSTORM: 141937

SOURCES

db:VULHUBid:VHN-81375
db:VULMONid:CVE-2015-3414
db:JVNDBid:JVNDB-2015-002489
db:PACKETSTORMid:141808
db:PACKETSTORMid:132898
db:PACKETSTORMid:131788
db:PACKETSTORMid:141796
db:PACKETSTORMid:131696
db:PACKETSTORMid:141937
db:PACKETSTORMid:132742
db:CNNVDid:CNNVD-201504-504
db:NVDid:CVE-2015-3414

LAST UPDATE DATE

2024-11-20T19:47:27.438000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-81375date:2018-07-19T00:00:00
db:VULMONid:CVE-2015-3414date:2018-07-19T00:00:00
db:JVNDBid:JVNDB-2015-002489date:2015-10-05T00:00:00
db:CNNVDid:CNNVD-201504-504date:2022-08-17T00:00:00
db:NVDid:CVE-2015-3414date:2022-08-16T13:32:25.600

SOURCES RELEASE DATE

db:VULHUBid:VHN-81375date:2015-04-24T00:00:00
db:VULMONid:CVE-2015-3414date:2015-04-24T00:00:00
db:JVNDBid:JVNDB-2015-002489date:2015-04-28T00:00:00
db:PACKETSTORMid:141808date:2017-03-24T14:54:06
db:PACKETSTORMid:132898date:2015-08-03T01:16:09
db:PACKETSTORMid:131788date:2015-05-07T15:20:32
db:PACKETSTORMid:141796date:2017-03-23T16:22:29
db:PACKETSTORMid:131696date:2015-04-30T15:46:33
db:PACKETSTORMid:141937date:2017-03-28T23:44:44
db:PACKETSTORMid:132742date:2015-07-20T15:45:28
db:CNNVDid:CNNVD-201504-504date:2015-04-27T00:00:00
db:NVDid:CVE-2015-3414date:2015-04-24T17:59:00.067