#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

sqlite | Breaking Cybersecurity News | The Hacker News

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

Oct 25, 2022
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as  CVE-2022-35737  (CVSS score: 7.5), the 22-year-old issue affects SQLite versions  1.0.12  through 3.39.1, and has been addressed in  version 3.39.2  released on July 21, 2022. "CVE-2022-35737 is  exploitable  on 64-bit systems, and exploitability depends on how the program is compiled," Trail of Bits researcher Andreas Kellas  said  in a technical write-up published today. "Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases." Programmed in C, SQLite is the most widely used database engine , included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Googl
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

Dec 15, 2018
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as ' Magellan ' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications. SQLite is a lightweight, widely used disk-based relational database management system that requires minimal support from operating systems or external libraries, and hence compatible with almost every device, platform, and programming language. SQLite is the most widely deployed database engine in the world today, which is being used by millions of applications with literally billions of deployments, including IoT devices, macOS and Windows apps, including major web browsers, such as Adobe software, Skype and more. Since Chromium-based web browsers—including Google Chrome, Opera, Vivaldi, and
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources