Windows 10: SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506

Discus and support SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506 in AntiVirus, Firewalls and System Security to solve the problem; There is a reported vulnerability in older versions of SQLITE: See 21th Dec 2018 CVE ID has been assigned as CVE-2018-20346, CVE-2018-20505,... Discussion in 'AntiVirus, Firewalls and System Security' started by TD47, Jan 3, 2019.

  1. TD47
    TD47 Win User

    SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506


    There is a reported vulnerability in older versions of SQLITE:

    See 21th Dec 2018 CVE ID has been assigned as CVE-2018-20346, CVE-2018-20505, CVE-2018-20506

    https://blade.tencent.com/magellan/index_en.html

    and

    https://worthdoingbadly.com/sqlitebug/

    However, I see that the Windows Update Installer Patch Cache uses sqlite.dll version 15.7.20033 (dated 2015):

    C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\sqlite.dll

    Since this is 3 years old, does anyone know if this is vulnerable?

    :)
     
    TD47, Jan 3, 2019
    #1
  2. VIGNESHKUMAR K
    VigneshKumar K Win User

    How to find the KB name with CVE ?

    Hi Vaneesa,

    Thanks for your info.

    But i couldn't find the KB for this below CVE . can you try ?

    CVE 2017-5715

    CVE-2017-5754

    CVE-2017-5753
     
    VigneshKumar K, Jan 3, 2019
    #2
  3. VANESSA YAR
    Vanessa Yar Win User
    How to find the KB name with CVE ?

    Hi Vignesh,

    You can use this link to search for the correct KB patch to download. In case the CVE details you received is regarding
    CVE-2048-1038, then you may look into the link
    Windows kernel update for CVE-2018-1038     to get the appropriate KB article and to know how to download the update.

    Should you have further query, feel free to reply to this thread.

    Regards.
     
    Vanessa Yar, Jan 3, 2019
    #3
  4. NICK ADSL UK
    NICK ADSL UK Win User

    SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506

    Microsoft December 2018 Security Updates

    Security Update Guide
    > Release Notes
    Release Notes
    December 2018 Security Updates
    Release Date: December 11, 2018

    The December security release consists of security updates for the following software:

    • Adobe Flash Player
    • Internet Explorer
    • Microsoft Edge
    • Microsoft Windows
    • Microsoft Office and Microsoft Office Services and Web Apps
    • ChakraCore
    • .NET Framework
    • Microsoft Dynamics NAV
    • Microsoft Exchange Server
    • Microsoft Visual Studio
    • Windows Azure Pack (WAP)
    Please note the following information regarding the security updates:

    • A list of the latest servicing stack updates for each operating system can be found in

      ADV990001      . This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the

      Microsoft Update Catalog      .
    • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
    • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via

      Windows Update      .
    • For information on lifecycle and support dates for Windows 10 operating systems, please see

      Windows Lifecycle Facts Sheet      .
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

    Known Issues

    {{windowTitle}}
     
    NICK ADSL UK, Jan 3, 2019
    #4
Thema:

SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506

Loading...

  1. SQLITE vulnerability CVE-2018-20346, CVE-2018-20505, CVE-2018-20506 - Similar Threads - SQLITE vulnerability CVE

  2. CVE-2023-38545 cURL vulnerability

    in Windows 10 Gaming
    CVE-2023-38545 cURL vulnerability: Hello!I have a lot of workstations affected by this that are being classified as vulnerable by Tenable. All of these have cURL onboard pre-installed on the machines. I see this means we have to wait for Microsoft to release an update. Can someone please provide any idea as to...

  3. CVE-2023-38545 cURL vulnerability

    in Windows 10 Software and Apps
    CVE-2023-38545 cURL vulnerability: Hello!I have a lot of workstations affected by this that are being classified as vulnerable by Tenable. All of these have cURL onboard pre-installed on the machines. I see this means we have to wait for Microsoft to release an update. Can someone please provide any idea as to...

  4. Vulnerability CVE-2021-36934

    in Windows 10 BSOD Crashes and Debugging
    Vulnerability CVE-2021-36934: I saw in the press that an additional vulnerability of Windows 10, known as CVE-2021-36934, can be remedied at list until a Microsoft patch is available by running as administrator Win 10 Powershell and then typing: icacls $env:windir\system32\config\*.*...

  5. CVE-2020-1425 and CVE-2020-1457

    in Windows 10 News
    CVE-2020-1425 and CVE-2020-1457: Windows Codec Library vulnerabilities. Fixes auto-updated via Microsoft Store, not WU. https://portal.msrc.microsoft.com/en.../CVE-2020-1425 and https://portal.msrc.microsoft.com/en.../CVE-2020-1457 159755

  6. CVE-2018-8512 - Microsoft Edge Security Feature Bypass Vulnerability

    in Windows 10 News
    CVE-2018-8512 - Microsoft Edge Security Feature Bypass Vulnerability: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker...

  7. CVE-2018-8421 - .NET Framework Remote Code Execution Vulnerability

    in Windows 10 News
    CVE-2018-8421 - .NET Framework Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a...

  8. CVE-2018-8245 Microsoft Publisher Remote Code Execution Vulnerability

    in Windows 10 News
    CVE-2018-8245 Microsoft Publisher Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the...

  9. CVE-2018-0986 | Microsoft Malware Protection Engine Vulnerability

    in Windows 10 News
    CVE-2018-0986 | Microsoft Malware Protection Engine Vulnerability: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security...

  10. CVE-2018-3612 - Intel NUC BIOS SW SMI Call-Out vulnerability

    in Windows 10 News
    CVE-2018-3612 - Intel NUC BIOS SW SMI Call-Out vulnerability: Intel® NUC BIOS SW SMI Call-Out Intel ID: INTEL-SA-00110 Product family: Intel® NUC Kits Impact of vulnerability: Elevation of Privilege Severity rating: Important Original release: Apr 17, 2018 Last revised: Apr 17, 2018 Summary: This update will improve the...

Users found this page by searching for:

  1. CVE-2018-20346 patch