CVE-2015-3415

HIGH Year: 2015
CVSS v2 Score
7.5
High
Weakness Type
CWE-404
View all →

Vulnerability Description

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Related Vulnerabilities

CVE-2023-24444

CRITICAL
CVSS:9.8(Critical)

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

CWE-4042023

CVE-2024-31611

CRITICAL
CVSS:9.1(Critical)

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.

CWE-4042024

CVE-2018-8450

HIGH
CVSS:8.8(High)

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wi...

CWE-4042018

CVE-2017-1145

HIGH
CVSS:8.6(High)

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: ...

CWE-4042017

CVE-2019-1706

HIGH
CVSS:8.6(High)

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could all...

CWE-4042019

CVE-2019-1708

HIGH
CVSS:8.6(High)

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (F...

CWE-4042019