Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-20223 (GCVE-0-2021-20223)
Vulnerability from cvelistv5
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-11-10T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20223",
"dateRejected": "2022-11-10T00:00:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2022-11-10T00:00:00",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-20223\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-25T20:15:08.833\",\"lastModified\":\"2023-11-07T03:29:00.910\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.\"}],\"metrics\":{},\"references\":[]}}"
}
}
gsd-2021-20223
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-20223",
"description": "An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode \"control-characters\" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.",
"id": "GSD-2021-20223"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-20223"
],
"details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"id": "GSD-2021-20223",
"modified": "2023-12-13T01:23:12.099958Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-20223",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.34.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20223"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode \"control-characters\" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b"
},
{
"name": "https://www.sqlite.org/forum/forumpost/09609d7e22",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.sqlite.org/forum/forumpost/09609d7e22"
},
{
"name": "https://sqlite.org/src/info/b7b7bde9b7a03665",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://sqlite.org/src/info/b7b7bde9b7a03665"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-08-29T16:35Z",
"publishedDate": "2022-08-25T20:15Z"
}
}
}
ghsa-r7v8-jjhj-75h7
Vulnerability from github
Published
2022-08-26 00:03
Modified
2022-08-29 20:06
Severity ?
VLAI Severity ?
Details
An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.
{
"affected": [],
"aliases": [
"CVE-2021-20223"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-25T20:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode \"control-characters\" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.",
"id": "GHSA-r7v8-jjhj-75h7",
"modified": "2022-08-29T20:06:48Z",
"published": "2022-08-26T00:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20223"
},
{
"type": "WEB",
"url": "https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b"
},
{
"type": "WEB",
"url": "https://sqlite.org/src/info/b7b7bde9b7a03665"
},
{
"type": "WEB",
"url": "https://www.sqlite.org/forum/forumpost/09609d7e22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cnvd-2022-62234
Vulnerability from cnvd
Title
SQLite存在未明漏洞(CNVD-2022-62234)
Description
SQLite是一款轻型的数据库,是遵守ACID的关系型数据库管理系统。
SQLite存在安全漏洞,该漏洞源于其ext/fts5/fts5_tokenize.c组件的fts5UnicodeTokenize()函数处理unicode“control-characters”(类Cc)的unicode61标记赋予器将嵌入的nul字符视为标记。目前没有详细漏洞细节提供。
Severity
高
VLAI Severity ?
Patch Name
SQLite存在未明漏洞(CNVD-2022-62234)的补丁
Patch Description
SQLite是一款轻型的数据库,是遵守ACID的关系型数据库管理系统。
SQLite存在安全漏洞,该漏洞源于其ext/fts5/fts5_tokenize.c组件的fts5UnicodeTokenize()函数处理unicode“control-characters”(类Cc)的unicode61标记赋予器将嵌入的nul字符视为标记。目前没有详细漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-20223
Impacted products
| Name | SQLite SQLite <3.34.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-20223",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-20223"
}
},
"description": "SQLite\u662f\u4e00\u6b3e\u8f7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u662f\u9075\u5b88ACID\u7684\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\n\nSQLite\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5176ext/fts5/fts5_tokenize.c\u7ec4\u4ef6\u7684fts5UnicodeTokenize()\u51fd\u6570\u5904\u7406unicode\u201ccontrol-characters\u201d(\u7c7bCc)\u7684unicode61\u6807\u8bb0\u8d4b\u4e88\u5668\u5c06\u5d4c\u5165\u7684nul\u5b57\u7b26\u89c6\u4e3a\u6807\u8bb0\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-62234",
"openTime": "2022-09-08",
"patchDescription": "SQLite\u662f\u4e00\u6b3e\u8f7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u662f\u9075\u5b88ACID\u7684\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nSQLite\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5176ext/fts5/fts5_tokenize.c\u7ec4\u4ef6\u7684fts5UnicodeTokenize()\u51fd\u6570\u5904\u7406unicode\u201ccontrol-characters\u201d(\u7c7bCc)\u7684unicode61\u6807\u8bb0\u8d4b\u4e88\u5668\u5c06\u5d4c\u5165\u7684nul\u5b57\u7b26\u89c6\u4e3a\u6807\u8bb0\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SQLite\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-62234\uff09\u7684\u8865\u4e01",
"products": {
"product": "SQLite SQLite \u003c3.34.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-20223",
"serverity": "\u9ad8",
"submitTime": "2022-08-29",
"title": "SQLite\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-62234\uff09"
}
CERTFR-2022-AVI-1020
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP SuccessFactors attachmentAPI pour Mobile Application (Android et iOS) versions antérieures à 8.1.2 | ||
| SAP | N/A | SAP Biller Direct versions-635, 750 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP GUI pour Windows version 7.70 | ||
| SAP | N/A | SAP SQL Anywhere version 17.0 | ||
| SAP | SAP Financial Consolidation | SAP Financial Consolidation version 1010 | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 731, 804, 740, 750, 789 | ||
| SAP | N/A | SAP NetWeaver ABAP Server et ABAP Platform versions 700, 731, 740, 750, 789 | ||
| SAP | N/A | SAP 3D Visual Enterprise Author,Version 9.0 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer,Version 9.0 | ||
| SAP | N/A | SAPUI5 versions 754, 755, 756, 757 | ||
| SAP | N/A | SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2, 4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP SuccessFactors attachmentAPI pour Mobile Application (Android et iOS) versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Biller Direct versions-635, 750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI pour Windows version 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SQL Anywhere version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Financial Consolidation version 1010",
"product": {
"name": "SAP Financial Consolidation",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 731, 804, 740, 750, 789",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server et ABAP Platform versions 700, 731, 740, 750, 789",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Author,Version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer,Version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2, 4.3",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35291"
},
{
"name": "CVE-2022-41203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41203"
},
{
"name": "CVE-2022-41259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41259"
},
{
"name": "CVE-2022-41258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41258"
},
{
"name": "CVE-2022-41214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41214"
},
{
"name": "CVE-2022-41212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41212"
},
{
"name": "CVE-2022-41211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41211"
},
{
"name": "CVE-2022-41208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41208"
},
{
"name": "CVE-2022-41204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41204"
},
{
"name": "CVE-2022-41260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41260"
},
{
"name": "CVE-2022-41205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41205"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-41215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41215"
},
{
"name": "CVE-2022-41207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41207"
},
{
"name": "CVE-2021-20223",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20223"
}
],
"initial_release_date": "2022-11-10T00:00:00",
"last_revision_date": "2022-11-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1020",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 09 novembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-11-09"
}
]
}
fkie_cve-2021-20223
Vulnerability from fkie_nvd
Published
2022-08-25 20:15
Modified
2023-11-07 03:29
Severity ?
Summary
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"id": "CVE-2021-20223",
"lastModified": "2023-11-07T03:29:00.910",
"metrics": {},
"published": "2022-08-25T20:15:08.833",
"references": [],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Rejected"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…