Lucene search

7481 matches found

PostgreSQL
added 2005/02/06 5:00 a.m. · 81 views

Vulnerability in core server (CVE-2005-0227)

Any database user is permitted to load arbitrary shared libraries using the LOAD command. A valid login is required to exploit this vulnerability...

CVSS 4.3 · AI score 6.1 · EPSS 0.00499
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2005/02/06 12:00 a.m. · 4 views

PT-2005-1308 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.2.x through 7.4.x; PostgreSQL (affected versions not specified). Description: The issue allows local users to load arbitrary shared libraries and execute code via the LOAD extension. Any database user is permitted to load...

CVSS 7.5 · AI score 6.5 · EPSS 0.14473
Exploits: 1 · References: 27

UbuntuCve
added 2005/01/27 5:00 a.m. · 25 views

CVE-2004-0884

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASLPATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASLPATH to point to malicious programs...

CVSS 7.2 · AI score 6.3 · EPSS 0.00506
Exploits: 0 · References: 1

NVD
added 2004/12/31 5:00 a.m. · 18 views

CVE-2004-0821

The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges...

CVSS 7.2 · AI score 6.5 · EPSS 0.00425
Exploits: 0 · References: 6

RedHat Linux
added 2004/10/20 7:45 p.m. · 77 views

Low: Red Hat Security Advisory: mysql security update

Updated mysql packages that fix various temporary file security issues, as well as a number of bugs, are now available. MySQL is a multi-user, multi-threaded SQL database server. This update fixes a number of small bugs, including some potential security problems associated with careless handling...

CVSS 4.6 · AI score 5.9 · EPSS 0.00604
Exploits: 0 · References: 13

Tenable Nessus
added 2004/09/29 12:00 a.m. · 17 views

Debian DSA-037-1 : Athena Widget replacement libraries - insecure tempfile handling

It has been reported that the AsciiSrc and MultiSrc widget in the Athena widget library handle temporary files insecurely. Joey Hess has ported the bugfix from XFree86 to these Xaw replacements libraries. The fixes are available in nextaw 0.5.1-34potato1, xaw3d 1.3-6.9potato1, and xaw95...

AI score 5.4
Exploits: 0 · References: 1

CVE
added 2004/09/24 4:00 a.m. · 63 views

CVE-2004-0821

CVE-2004-0821 concerns the Mac OS X Core Foundation CFPlugIn facilities: the CoreFoundation CFPlugIn loader could load user-supplied libraries, potentially allowing a local attacker to gain elevated privileges. Public sources (NVD entry for CVE-2004-0821 and CERT/Apple advisories) describe the vu...

CVSS 7.2 · AI score 6.5 · EPSS 0.00425
Exploits: 0 · References: 6 · Affected Software: 2

Positive Technologies
added 2004/09/10 12:00 a.m. · 4 views

PT-2004-1058 · Mit +1 · Krb5-Server +5

Name of the Vulnerable Software and Affected Versions: krb5-devel versions 1.2.2; krb5-server versions 1.2.2; krb5-libs versions 1.2.2; krb5-workstation versions 1.2.2; MIT Kerberos 5 (krb5) versions prior to 1.3.4. Description: The issue concerns multiple vulnerabilities in the krb5 package of Red Hat...

CVSS 10 · AI score 9.8 · EPSS 0.08257
Exploits: 0 · References: 22

RedHat Linux
added 2004/08/31 5:35 p.m. · 2 views

security flaw

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code...

CVSS 7.5 · AI score 7.7 · EPSS 0.08257
Exploits: 0 · References: 4

securityvulns
added 2004/08/30 12:00 a.m. · 25 views

Netscape NSS libraries buffer overflow

Buffer overflow during SSL negotiation...

AI score 4.8
Exploits: 0 · References: 2 · Affected Software: 6

Tenable Nessus
added 2004/08/22 12:00 a.m. · 53 views

Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)

A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth...

CVSS 10 · AI score 5.5 · EPSS 0.82537
Exploits: 3 · References: 31

Cvelist
added 2004/08/20 4:00 a.m. · 31 views

CVE-2003-1052

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs...

AI score 6.6 · EPSS 0.01315
Exploits: 1 · References: 3

Tenable Nessus
added 2004/08/05 12:00 a.m. · 44 views

RHEL 2.1 : glibc (RHSA-2004:383)

Updated glibc packages that fix a security flaw in the resolver as well as dlclose handling are now available. The GNU libc packages known as glibc contain the standard C libraries used by applications. A security audit of the glibc packages in Red Hat Enterprise Linux 2.1 found a flaw in the...

CVSS 7.5 · AI score 8.6 · EPSS 0.09861
Exploits: 0 · References: 3

NVD
added 2004/08/04 4:00 a.m. · 20 views

CVE-2004-1364

Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory...

CVSS 8.5 · AI score 8.9 · EPSS 0.13782
Exploits: 9 · References: 10

Tenable Nessus
added 2004/07/31 12:00 a.m. · 28 views

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:089)

Several vulnerabilities were discovered by bleximathush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumerati...

CVSS 7.5 · AI score 6 · EPSS 0.05427
Exploits: 0 · References: 2

Tenable Nessus
added 2004/07/06 12:00 a.m. · 41 views

RHEL 2.1 : XFree86 (RHSA-2003:289)

Updated XFree86 packages provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries ...

CVSS 10 · AI score 6.2 · EPSS 0.05427
Exploits: 0 · References: 5

Tenable Nessus
added 2004/07/06 12:00 a.m. · 43 views

RHEL 2.1 : bind (RHSA-2002:119)

Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of service (DoS) attack vulnerability. Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocol...

CVSS 7.5 · AI score 8.8 · EPSS 0.14218
Exploits: 0 · References: 5

Tenable Nessus
added 2004/07/06 12:00 a.m. · 40 views

RHEL 2.1 / 3 : kdelibs (RHSA-2004:222)

Updated kdelibs packages that fix telnet URI handler and mailto URI handler file vulnerabilities are now available. The kdelibs packages include libraries for the K Desktop Environment. KDE Libraries include: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), ki...

CVSS 7.5 · AI score 6 · EPSS 0.07778
Exploits: 0 · References: 4

Debian
added 2004/06/14 1:29 p.m. · 37 views

[SECURITY] [DSA 518-1] New kdelibs packages fix URI handler vulnerabilities

Debian Security Advisory DSA 518-1 [email protected] http://www.debian.org/security/ Martin Schulze June 14th, 2004 http://www.debian.org/security/faq ...

CVSS 7.5 · AI score 0.4 · EPSS 0.07778
Exploits: 0

Debian
added 2004/06/14 1:29 p.m. · 33 views

[SECURITY] [DSA 518-1] New kdelibs packages fix URI handler vulnerabilities

Debian Security Advisory DSA 518-1 [email protected] http://www.debian.org/security/ Martin Schulze June 14th, 2004 http://www.debian.org/security/faq ...

CVSS 7.5 · AI score 6 · EPSS 0.07778
Exploits: 0