VULNERA Pulse

Google — Chromium V8 Engine

CVE-2022-3723 / Added: Oct. 28, 2022

HIGH CVSS 8.80

Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.

Headlines

• Nov. 9, 2022 - Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
• Oct. 30, 2022 - Google urgently fixes a critical flaw in Chrome: update now!
• Oct. 29, 2022 - Chrome issues urgent zero-day fix – update now!
• Oct. 29, 2022 - Ireland Pottery, Spritacular, Image Creator, More: Saturday ResearchBuzz, October 29, 2022
• Oct. 28, 2022 - Want to protect yourself? Install Chrome 107 now
• Oct. 28, 2022 - Google Issues Urgent Zero-Day Patch For Billions Of Chrome Users, Update ASAP
• Oct. 28, 2022 - Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year
• Oct. 28, 2022 - Google fixes seventh Chrome zero-day exploited in attacks this year
• Oct. 28, 2022 - Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
• Oct. 28, 2022 - Emergency Chrome Security Update—Google Confirms 0Day Attack Threat

Back to top ↑

CVE-2022-20961

HIGH CVSS 8.80

Risk Context N/A

Published: Nov. 4, 2022

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.

Vendor Impacted: Cisco

Product Impacted: Identity Services Engine

Quotes

• A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device - Security Affairs
• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• Could allow the attacker to list, download, and delete certain files that they should not have access to - iTnews - Security

Headlines

• Nov. 4, 2022 - Cisco addressed several high-severity flaws in its products
• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - Cisco's patch day plugs six vulnerabilities
• Nov. 2, 2022 - Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

CVE-2022-20958

HIGH CVSS 8.80

Risk Context N/A

Published: Nov. 4, 2022

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Vendor Impacted: Cisco

Product Impacted: Broadworks Commpilot Application

Quotes

• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• Could allow the attacker to list, download, and delete certain files that they should not have access to - iTnews - Security

Headlines

• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - Cisco's patch day plugs six vulnerabilities
• Nov. 2, 2022 - Cisco BroadWorks CommPilot Application Software Vulnerabilities

CVE-2022-20956

HIGH CVSS 8.80

Risk Context N/A

Published: Nov. 4, 2022

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"]

Vendor Impacted: Cisco

Product Impacted: Identity Services Engine

Quotes

• A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device - Security Affairs
• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• Could allow the attacker to list, download, and delete certain files that they should not have access to - iTnews - Security

Headlines

• Nov. 4, 2022 - Cisco addressed several high-severity flaws in its products
• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - Cisco's patch day plugs six vulnerabilities
• Nov. 2, 2022 - Cisco Identity Services Engine Insufficient Access Control Vulnerability

CVE-2022-20951

MEDIUM CVSS 6.50

Risk Context N/A

Published: Nov. 4, 2022

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Vendor Impacted: Cisco

Product Impacted: Broadworks Messaging Server

Quotes

• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• Could allow the attacker to list, download, and delete certain files that they should not have access to - iTnews - Security

Headlines

• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - Cisco's patch day plugs six vulnerabilities
• Nov. 2, 2022 - Cisco BroadWorks CommPilot Application Software Vulnerabilities

CVE-2022-20868

HIGH CVSS 8.80

Risk Context N/A

Published: Nov. 4, 2022

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.

Vendor Impacted: Cisco

Products Impacted: Secure Email Gateway, Secure Web Appliance, Asyncos

Quotes

• A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device - Security Affairs
• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• Could allow the attacker to list, download, and delete certain files that they should not have access to - iTnews - Security

Headlines

• Nov. 4, 2022 - Cisco addressed several high-severity flaws in its products
• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - Cisco's patch day plugs six vulnerabilities
• Nov. 2, 2022 - Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities

CVE-2022-20867

MEDIUM CVSS 6.50

Risk Context N/A

Published: Nov. 4, 2022

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.

Quotes

• A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device - Security Affairs
• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• Could allow the attacker to list, download, and delete certain files that they should not have access to - iTnews - Security

Headlines

• Nov. 4, 2022 - Cisco addressed several high-severity flaws in its products
• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - Cisco's patch day plugs six vulnerabilities
• Nov. 2, 2022 - Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities

CVE-2022-3723

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited

Published: Nov. 1, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor Impacted: Google

Product Impacted: Chromium V8 Engine

Quotes

• Hey, when we get programmable computers, this is going to change the world! - Naked Security - Sophos
• Aware of reports that an exploit for CVE-2022-3723 exists in the wild - Security Latest
• Is aware of a report that [an] issue may have been actively exploited - Naked Security - Sophos

Headlines

• Nov. 3, 2022 - S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
• Oct. 31, 2022 - You Need to Update Google Chrome, Windows, and Zoom Right Now
• Oct. 30, 2022 - Google urgently fixes a critical flaw in Chrome: update now!
• Oct. 29, 2022 - Chrome issues urgent zero-day fix – update now!
• Oct. 29, 2022 - Ireland Pottery, Spritacular, Image Creator, More: Saturday ResearchBuzz, October 29, 2022

CVE-2022-3786

HIGH CVSS 7.50

Actively Exploited Public Exploits Available

Published: Nov. 1, 2022

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Vendor Impacted: Fedoraproject

Product Impacted: Fedora

Quotes

• You! A man from Germany, come on, come out! But that's a catastrophe that Biden has brought to them. How nice was it when Merkel was there? - Blog – Hackaday
• A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device - Security Affairs
• Hey, when we get programmable computers, this is going to change the world! - Naked Security - Sophos
• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• X.509 email address 4-byte buffer overflow - infosecurity-magazine.com
• The first, CVE-2022-3786, allows a threat actor to - Security Affairs
• Either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer - The Register - Security
• X.509 Email Address Variable Length Buffer Overflow - Latest news
• Firstly, we had reports that on certain Linux distributions the stack layout was such that the 4 bytes overwrote an adjacent buffer that was yet to be used and therefore there was no crash or ability to cause remote code execution - iTnews - Security
• The impact is expected to be minimal due to the complexity of the attack and the limitations in how it can be carried out - Dark Reading
• A regression [an old bug that reappeared] introduced in OpenSSL 1.1.1r not refreshing the certificate data to be signed before signing the certificate - Naked Security - Sophos
• Can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution - CISA Current Activity
• Any OpenSSL 3.0 application that verifies X.509 certificates received from untrusted sources should be considered vulnerable - CSO Online
• The bugs were introduced as part of punycode decoding functionality (currently only used for processing email address name constraints in X.509 certificates) - The Daily Swig | Cybersecurity news and views
• An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack - SecurityWeek
• We still consider these issues to be serious vulnerabilities and affected users are encouraged to upgrade as soon as possible - BleepingComputer
• In a TLS client, this can be triggered by connecting to a malicious server - The Hacker News

Headlines

• Nov. 4, 2022 - This Week in Security: OpenSSL Fizzle, Java XML, and Nothing As It Seems
• Nov. 4, 2022 - Cisco addressed several high-severity flaws in its products
• Nov. 3, 2022 - S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
• Nov. 3, 2022 - OpenSSL Fiasco: What can DevOps Learn? | Elon Fires ‘50%’ of Twitter
• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - OpenSSL 3.0.7 security fix: Should Opera users be worried?
• Nov. 3, 2022 - VyOS: Recent OpenSSL vulnerabilities do not affect any VyOS versions
• Nov. 3, 2022 - OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched
• Nov. 3, 2022 - Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
• Nov. 2, 2022 - OpenSSL vulnerability now rated ‘high’ but should be taken seriously
• Nov. 2, 2022 - OpenSSL 3.0 RCE
• Nov. 2, 2022 - High-Severity OpenSSL Vulnerabilities Fixed
• Nov. 2, 2022 - Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet
• Nov. 2, 2022 - OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
• Nov. 2, 2022 - OpenSSL Security Advisory Downgraded to High Severity
• Nov. 2, 2022 - OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow
• Nov. 2, 2022 - OpenSSL fixed two high-severity vulnerabilities
• Nov. 1, 2022 - OpenSSL downgrades horror bug after week of panic, hype
• Nov. 1, 2022 - OpenSSL dodges a security bullet
• Nov. 1, 2022 - OpenSSL downgrades email address bug from critical to high
• Nov. 1, 2022 - The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical
• Nov. 1, 2022 - OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
• Nov. 1, 2022 - OpenSSL Releases Security Update
• Nov. 1, 2022 - OpenSSL project patches two vulnerabilities but downgrades severity
• Nov. 1, 2022 - Threat Advisory: High Severity OpenSSL Vulnerabilities
• Nov. 1, 2022 - OpenSSL vulnerability downgraded to ‘high’ severity
• Nov. 1, 2022 - OpenSSL Security Advisories - November 2022
• Nov. 1, 2022 - Anxiously Awaited OpenSSL Vulnerability's Severity Downgraded From Critical to High
• Nov. 1, 2022 - OpenSSL fixes two high severity vulnerabilities, what you need to know
• Nov. 1, 2022 - OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

CVE-2022-3602

HIGH CVSS 7.50

Remote Code Execution Public Exploits Available

Published: Nov. 1, 2022

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

Vendor Impacted: Fedoraproject

Product Impacted: Fedora

Quotes

• You! A man from Germany, come on, come out! But that's a catastrophe that Biden has brought to them. How nice was it when Merkel was there? - Blog – Hackaday
• A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device - Security Affairs
• In nearly 15 percent of engagements this quarter, adversaries identified and/or exploited misconfigured public-facing applications by conducting SQL injection attacks against external websites, exploiting Log4Shell in vulnerable versions of VMware Horizon, and targeting misconfigured and/or publicly exposed servers - Cisco Talos Blog
• A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to - SecurityWeek
• X.509 email address 4-byte buffer overflow - infosecurity-magazine.com
• The first, CVE-2022-3786, allows a threat actor to - Security Affairs
• Either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer - The Register - Security
• X.509 Email Address Variable Length Buffer Overflow - Latest news
• Firstly, we had reports that on certain Linux distributions the stack layout was such that the 4 bytes overwrote an adjacent buffer that was yet to be used and therefore there was no crash or ability to cause remote code execution - iTnews - Security
• The impact is expected to be minimal due to the complexity of the attack and the limitations in how it can be carried out - Dark Reading
• A regression [an old bug that reappeared] introduced in OpenSSL 1.1.1r not refreshing the certificate data to be signed before signing the certificate - Naked Security - Sophos
• Can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution - CISA Current Activity
• Any OpenSSL 3.0 application that verifies X.509 certificates received from untrusted sources should be considered vulnerable - CSO Online
• The bugs were introduced as part of punycode decoding functionality (currently only used for processing email address name constraints in X.509 certificates) - The Daily Swig | Cybersecurity news and views
• An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack - SecurityWeek
• We still consider these issues to be serious vulnerabilities and affected users are encouraged to upgrade as soon as possible - BleepingComputer
• In a TLS client, this can be triggered by connecting to a malicious server - The Hacker News

Headlines

• Nov. 4, 2022 - Node v18.12.1 (LTS)
• Nov. 4, 2022 - This Week in Security: OpenSSL Fizzle, Java XML, and Nothing As It Seems
• Nov. 4, 2022 - Cisco addressed several high-severity flaws in its products
• Nov. 4, 2022 - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
• Nov. 3, 2022 - Threat Source newsletter (Nov. 3, 2022): Mastodon, evolution, and LiveJournal oh my!
• Nov. 3, 2022 - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
• Nov. 3, 2022 - OpenSSL Fiasco: What can DevOps Learn? | Elon Fires ‘50%’ of Twitter
• Nov. 3, 2022 - Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products
• Nov. 3, 2022 - OpenSSL 3.0.7 security fix: Should Opera users be worried?
• Nov. 3, 2022 - VyOS: Recent OpenSSL vulnerabilities do not affect any VyOS versions
• Nov. 3, 2022 - OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched
• Nov. 3, 2022 - Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
• Nov. 2, 2022 - OpenSSL vulnerability now rated ‘high’ but should be taken seriously
• Nov. 2, 2022 - OpenSSL 3.0 RCE
• Nov. 2, 2022 - High-Severity OpenSSL Vulnerabilities Fixed
• Nov. 2, 2022 - Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn't Critical, Isn't Actively Exploited, and Even Red Hat's Distro Isn't Patching Yet
• Nov. 2, 2022 - OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
• Nov. 2, 2022 - OpenSSL downgrades horror bug after week of panic, hype
• Nov. 2, 2022 - OpenSSL Security Advisory Downgraded to High Severity
• Nov. 2, 2022 - OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow
• Nov. 2, 2022 - OpenSSL fixed two high-severity vulnerabilities
• Nov. 1, 2022 - OpenSSL dodges a security bullet
• Nov. 1, 2022 - Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
• Nov. 1, 2022 - OpenSSL downgrades email address bug from critical to high
• Nov. 1, 2022 - The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical
• Nov. 1, 2022 - OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
• Nov. 1, 2022 - OpenSSL Releases Security Update
• Nov. 1, 2022 - OpenSSL project patches two vulnerabilities but downgrades severity
• Nov. 1, 2022 - Threat Advisory: High Severity OpenSSL Vulnerabilities
• Nov. 1, 2022 - OpenSSL vulnerability downgraded to ‘high’ severity
• Nov. 1, 2022 - OpenSSL Security Advisories - November 2022
• Nov. 1, 2022 - Anxiously Awaited OpenSSL Vulnerability's Severity Downgraded From Critical to High
• Nov. 1, 2022 - OpenSSL fixes two high severity vulnerabilities, what you need to know
• Nov. 1, 2022 - OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

CVE-2022-35737

HIGH CVSS 7.50

Public Exploits Available

Published: Aug. 3, 2022

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Vendor Impacted: Sqlite

Product Impacted: Sqlite

Quotes

• May not have seemed like an error - The Daily Swig | Cybersecurity news and views

Headlines

• Nov. 3, 2022 - CVE-2022-35737 vulnerability in SQLite | Kaspersky official blog
• Oct. 31, 2022 - SQLite patches 22-year-old code execution, denial of service vulnerability