107 matches found
FreeBSD : firefox -- Crash in TransportSecurityInfo due to cached data (3284d948-140c-4a3e-aa76-3b440e2006a8)
The Mozilla Foundation reports: A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into...
CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...
Security vulnerabilities fixed in Firefox 62.0.2 — Mozilla
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...
Red Hat SSSD Information Disclosure Vulnerability
SSSD is a daemon for managing access to remote directories and authentication mechanisms. An information disclosure vulnerability exists in the 'sysdb_search_user_by_upn_res' function in Red Hat SSSD versions prior to 1.16.0, which stems from the program failing to filter requests when querying the...
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
sssd and ding-libs security and bug fix update
ding-libs 0.4.0-13 - Resolves: rhbz1538061 - sssd/libiniconfig cannot parse configuration file with line longer than 5102 0.4.0-12 - Related: rhbz1377213 - ding-libs dont parse lines without an equal sign sssd 1.13.3-60.0.1 - Orabug 26746822 - revert patch 0118 to fix LDAP netgroup lookup problem...
sssd: unsanitized input when searching in local cache database
It was found that sssd's sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve ...
RHEL 6 : sssd and ding-libs (RHSA-2018:1877)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1877 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...
USN-3526-1 sssd vulnerability
It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information...
sssd: unsanitized input when searching in local cache database
It was found that sssd's sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve ...
SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2017:2937-1)
This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database bsc#1061832. Non security issues fixed: - Fixed a segfault issue in ldap_rfc2307_fallback_to_local_users. bsc#1055123 - Install /var/lib/sss/mc...
SUSE-SU-2017:2937-1 Security update for sssd
This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database bsc#1061832. Non security issues fixed: - Fixed a segfault issue in ldap_rfc2307_fallback_to_local_users. bsc#1055123 - Install /var/lib/sss/mc...
WEM : "No available configuration source detected, Local cache Not Found or not initialized!"
WEM Agent not registering with WEM Broker and the following WEM Agent error is present in the Agent Session Logs: "No available configuration source detected, Local cache Not Found or not initialized!"...
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve...
CVE-2016-2972
CVE-2016-2972 affects IBM Sametime Meeting Server 8.5.2 and 9.0, where credentials for Sametime Meetings could be stored in the local browser cache and accessed by a local user. The NVD entry lists a low CVSS v2 impact (AV:L, AC:L, C:P, I:N, A:N) and a higher CVSS v3 impact (CVSS:3.0: AV:L, AC:L,...
Information disclosure
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...
CVE-2015-1996
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...
Mozilla Foundation Security Advisory 2008-47
Mozilla Foundation Security Advisory 2008-47 Title: Information stealing via local shortcut files Impact: Moderate Announced: November 12, 2008 Reporter: Liu Die Yu Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 SeaMonkey 1.1.13 Description Security researcher Liu Die Yu of...
Mozilla Firefox < 2.0.0.18 Multiple Vulnerabilities