ID

VAR-201504-0478


CVE

CVE-2015-3415


TITLE

SQLite of vdbe.c of sqlite3VdbeExec Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002490

DESCRIPTION

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. SQLite is prone to the following vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. An arbitrary code-execution vulnerability 3. A memory-corruption vulnerability 4. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. SQLite versions prior to 3.8.9 are vulnerable. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: SQLite: Multiple vulnerabilities Date: July 07, 2015 Bugs: #546626 ID: 201507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in SQLite, allowing context-dependent attackers to cause a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/sqlite < 3.8.9 >= 3.8.9 Description =========== Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All SQLite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.8.9" References ========== [ 1 ] CVE-2015-3414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414 [ 2 ] CVE-2015-3415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415 [ 3 ] CVE-2015-3416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: sqlite security update Advisory ID: RHSA-2015:1635-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1635.html Issue date: 2015-08-17 CVE Names: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 ===================================================================== 1. Summary: An updated sqlite package that fixes three security issues is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414) It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415) It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416) All sqlite users are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1212353 - CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequences in src/where.c 1212356 - CVE-2015-3415 sqlite: invalid free() in src/vdbe.c 1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm ppc64: sqlite-3.7.17-6.el7_1.1.ppc.rpm sqlite-3.7.17-6.el7_1.1.ppc64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm sqlite-devel-3.7.17-6.el7_1.1.ppc.rpm sqlite-devel-3.7.17-6.el7_1.1.ppc64.rpm s390x: sqlite-3.7.17-6.el7_1.1.s390.rpm sqlite-3.7.17-6.el7_1.1.s390x.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm sqlite-devel-3.7.17-6.el7_1.1.s390.rpm sqlite-devel-3.7.17-6.el7_1.1.s390x.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sqlite-3.7.17-6.ael7b_1.1.src.rpm ppc64le: sqlite-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-devel-3.7.17-6.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm ppc64: lemon-3.7.17-6.el7_1.1.ppc64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm sqlite-tcl-3.7.17-6.el7_1.1.ppc64.rpm s390x: lemon-3.7.17-6.el7_1.1.s390x.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm sqlite-tcl-3.7.17-6.el7_1.1.s390x.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: sqlite-doc-3.7.17-6.ael7b_1.1.noarch.rpm ppc64le: lemon-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-tcl-3.7.17-6.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3414 https://access.redhat.com/security/cve/CVE-2015-3415 https://access.redhat.com/security/cve/CVE-2015-3416 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV0c4vXlSAg2UNWIIRAk8jAJ9ya3aROVTX8RDQ+RlCcls0ddR6CACfaeH9 Q91hN45yeXgVnmom/HYSQRU= =814S -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2698-1 July 30, 2015 sqlite3 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: SQLite could be made to crash or run programs if it processed specially crafted queries. This issue only affected Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. This issue only affected Ubuntu 15.04. (CVE-2015-3416) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libsqlite3-0 3.8.7.4-1ubuntu0.1 Ubuntu 14.04 LTS: libsqlite3-0 3.8.2-1ubuntu2.1 Ubuntu 12.04 LTS: libsqlite3-0 3.7.9-2ubuntu1.2 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM) Entry added March 28, 2017 iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-6153 iTunes Available for: Windows 7 and later Impact: Multiple issues in expat Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 libxslt Available for: Windows 7 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-5029: Holger Fuhrmannek Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation. CVE-2017-2479: lokihardt of Google Project Zero CVE-2017-2480: lokihardt of Google Project Zero Entry added March 28, 2017 Installation note: iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj /zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/ YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+ lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE 9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo VkUmhXDNi0csm+QTi7ZP =hPjT -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: f34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz Slackware 14.1 package: 6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz Slackware -current package: 020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz Slackware x86_64 -current package: 681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.43-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 2.61

sources: NVD: CVE-2015-3415 // JVNDB: JVNDB-2015-002490 // BID: 74228 // VULHUB: VHN-81376 // VULMON: CVE-2015-3415 // PACKETSTORM: 132556 // PACKETSTORM: 133098 // PACKETSTORM: 132898 // PACKETSTORM: 141796 // PACKETSTORM: 141937 // PACKETSTORM: 132742

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 1.6

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 1.6

vendor:sqlitemodel:sqlitescope:lteversion:3.8.8.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.4.42

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.6.10

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.5.26

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.6.0

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.5.0

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.4.0

Trust: 1.0

vendor:sqlitemodel:sqlitescope:ltversion:3.8.9

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:10.6.8 or later 10.11

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.02

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.5.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:9

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.8.8

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.6.20

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.8.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.3

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:sqlitemodel:sqlitescope:neversion:3.8.9

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.03

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:15.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 74228 // JVNDB: JVNDB-2015-002490 // CNNVD: CNNVD-201504-505 // NVD: CVE-2015-3415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3415
value: HIGH

Trust: 1.0

NVD: CVE-2015-3415
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-505
value: HIGH

Trust: 0.6

VULHUB: VHN-81376
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3415
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3415
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81376
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81376 // VULMON: CVE-2015-3415 // JVNDB: JVNDB-2015-002490 // CNNVD: CNNVD-201504-505 // NVD: CVE-2015-3415

PROBLEMTYPE DATA

problemtype:CWE-404

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-81376 // JVNDB: JVNDB-2015-002490 // NVD: CVE-2015-3415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-505

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201504-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002490

PATCH

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205267url:https://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205213url:https://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:Ensure that comparison operators do not mess up the MEM_Dyn flag on registers when reverting affinity changes.url:https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30

Trust: 0.8

title:sqlite-amalgamation-3080900url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55210

Trust: 0.6

title:sqlite-autoconf-3080900url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55211

Trust: 0.6

title:Debian CVElist Bug Report Logs: sqlite3: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f3b20c41a92070ec876bf6271a150223

Trust: 0.1

title:Ubuntu Security Notice: sqlite3 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2698-1

Trust: 0.1

title:Red Hat: CVE-2015-3415url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3415

Trust: 0.1

title:Debian Security Advisories: DSA-3252-1 sqlite3 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=77154669f815221143233607dd8533ab

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-591url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-591

Trust: 0.1

title:Apple: iTunes 12.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a68da1048a006f5980c613c06ab6fbb6

Trust: 0.1

title:Apple: iTunes 12.6 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a2320462745411a5547ed48fe868a9a6

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-561url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-561

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-562url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-562

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-563url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-563

Trust: 0.1

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

sources: VULMON: CVE-2015-3415 // JVNDB: JVNDB-2015-002490 // CNNVD: CNNVD-201504-505

EXTERNAL IDS

db:NVDid:CVE-2015-3415

Trust: 3.5

db:BIDid:74228

Trust: 2.1

db:SECTRACKid:1033703

Trust: 1.8

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-002490

Trust: 0.8

db:CNNVDid:CNNVD-201504-505

Trust: 0.7

db:AUSCERTid:ESB-2020.3573.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3221

Trust: 0.6

db:AUSCERTid:ESB-2021.2412

Trust: 0.6

db:AUSCERTid:ESB-2020.3573

Trust: 0.6

db:VULHUBid:VHN-81376

Trust: 0.1

db:VULMONid:CVE-2015-3415

Trust: 0.1

db:PACKETSTORMid:132556

Trust: 0.1

db:PACKETSTORMid:133098

Trust: 0.1

db:PACKETSTORMid:132898

Trust: 0.1

db:PACKETSTORMid:141796

Trust: 0.1

db:PACKETSTORMid:141937

Trust: 0.1

db:PACKETSTORMid:132742

Trust: 0.1

sources: VULHUB: VHN-81376 // VULMON: CVE-2015-3415 // BID: 74228 // JVNDB: JVNDB-2015-002490 // PACKETSTORM: 132556 // PACKETSTORM: 133098 // PACKETSTORM: 132898 // PACKETSTORM: 141796 // PACKETSTORM: 141937 // PACKETSTORM: 132742 // CNNVD: CNNVD-201504-505 // NVD: CVE-2015-3415

REFERENCES

url:http://seclists.org/fulldisclosure/2015/apr/31

Trust: 2.6

url:http://rhn.redhat.com/errata/rhsa-2015-1635.html

Trust: 2.2

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 2.1

url:https://security.gentoo.org/glsa/201507-05

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2698-1

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.8

url:http://www.securityfocus.com/bid/74228

Trust: 1.8

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:https://support.apple.com/ht205213

Trust: 1.8

url:https://support.apple.com/ht205267

Trust: 1.8

url:https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3252

Trust: 1.8

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:217

Trust: 1.8

url:http://www.securitytracker.com/id/1033703

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3415

Trust: 0.9

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3415

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3415

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3416

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3414

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2412

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3573.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3573/

Trust: 0.6

url:https://www.sqlite.org/src/info/02e3c88fbf6abdcf

Trust: 0.3

url:https://www.sqlite.org/src/info/eddc05e7bb31fae7

Trust: 0.3

url:http://www.sqlite.org/src/info/0cdf502885ea7e58

Trust: 0.3

url:http://www.sqlite.org/src/info/c494171f77dc2e5e

Trust: 0.3

url:http://www.sqlite.org/

Trust: 0.3

url:https://support.apple.com/en-us/ht205212

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023457

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981747

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21974989

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981269

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981270

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-7443

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-3415

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-5300

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-0718

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-6153

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-3270

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6607

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-1283

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3717

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-6702

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4472

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.2

url:https://www.apple.com/itunes/download/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1147

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39345

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2698-1/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3415

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3414

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3416

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3414

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3416

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/sqlite3/3.8.7.4-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/sqlite3/3.8.2-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/sqlite3/3.7.9-2ubuntu1.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2480

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2479

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2383

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2463

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2325

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4644

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4644

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3152

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3414

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4643

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4643

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4642

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3416

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326

Trust: 0.1

sources: VULHUB: VHN-81376 // VULMON: CVE-2015-3415 // BID: 74228 // JVNDB: JVNDB-2015-002490 // PACKETSTORM: 132556 // PACKETSTORM: 133098 // PACKETSTORM: 132898 // PACKETSTORM: 141796 // PACKETSTORM: 141937 // PACKETSTORM: 132742 // CNNVD: CNNVD-201504-505 // NVD: CVE-2015-3415

CREDITS

Michal Zalewski

Trust: 0.3

sources: BID: 74228

SOURCES

db:VULHUBid:VHN-81376
db:VULMONid:CVE-2015-3415
db:BIDid:74228
db:JVNDBid:JVNDB-2015-002490
db:PACKETSTORMid:132556
db:PACKETSTORMid:133098
db:PACKETSTORMid:132898
db:PACKETSTORMid:141796
db:PACKETSTORMid:141937
db:PACKETSTORMid:132742
db:CNNVDid:CNNVD-201504-505
db:NVDid:CVE-2015-3415

LAST UPDATE DATE

2024-11-20T21:01:27.369000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-81376date:2018-07-19T00:00:00
db:VULMONid:CVE-2015-3415date:2018-07-19T00:00:00
db:BIDid:74228date:2017-03-29T00:01:00
db:JVNDBid:JVNDB-2015-002490date:2015-10-05T00:00:00
db:CNNVDid:CNNVD-201504-505date:2022-08-17T00:00:00
db:NVDid:CVE-2015-3415date:2022-08-16T13:33:26.213

SOURCES RELEASE DATE

db:VULHUBid:VHN-81376date:2015-04-24T00:00:00
db:VULMONid:CVE-2015-3415date:2015-04-24T00:00:00
db:BIDid:74228date:2015-03-19T00:00:00
db:JVNDBid:JVNDB-2015-002490date:2015-04-28T00:00:00
db:PACKETSTORMid:132556date:2015-07-07T15:33:51
db:PACKETSTORMid:133098date:2015-08-17T15:41:06
db:PACKETSTORMid:132898date:2015-08-03T01:16:09
db:PACKETSTORMid:141796date:2017-03-23T16:22:29
db:PACKETSTORMid:141937date:2017-03-28T23:44:44
db:PACKETSTORMid:132742date:2015-07-20T15:45:28
db:CNNVDid:CNNVD-201504-505date:2015-04-27T00:00:00
db:NVDid:CVE-2015-3415date:2015-04-24T17:59:01.377