21 matches found
openSUSE Security Advisory (SUSE-SU-2024:3924-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2024:2414-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2414-1 advisory. - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) Tenable has extracted the...
dbm-tv.fr Cross Site Scripting vulnerability OBB-3314151
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 35 Update: q-7.11-44.fc35
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
db-systray (>=0.1.0 <=0.1.2), dbm-systray (>=0.1.3 <=0.2.0) +6 more potentially affected by CVE-2021-23404 via sqlite-web (>=0.6.8 <=0.7.2)
sqlite-web PYPI version =0.6.8, =0.1.0, =0.1.3, =0.0.2, =0.0.2, =0.0.1, =0.2.1, =0.1.8, =0.2.6 Source cves: CVE-2021-23404 Source advisory: SNYK:PYTHON-SQLITEWEB-1316324...
Heap overflow
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...
CVE-2017-11696
CVE-2017-11696 is a heap-based buffer overflow in NSS (hash_open in lib/dbm/src/hash.c) exploitable via a crafted cert8.db file. Connected sources confirm the NSS library is affected and provide remediation guidance: upgrade to a newer NSS version, e.g., Gentoo GLSA-202003-37/GLSA 202003-37 recom...
CVE-2017-11695
CVE-2017-11695 : Heap-based buffer overflow in the alloc_segs function of NSS (lib/dbm/src/hash.c) used by Mozilla NSS when processing crafted cert8.db files. Exploitation is context-dependent with unspecified impact per the entry. Public details explicitly describe the overflow but do not specif...
CVE-2017-11695
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...
[SECURITY] Fedora 25 Update: q-7.11-29.fc25
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
CVE-2017-11695
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...
CVE-2016-7832
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors...
CVE-2016-7832
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors...
Design/Logic Flaw
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors...
CVE-2016-7833
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors...
CVE-2016-7832
CVE-2016-7832 affects Cybozu Dezie 8.0.0–8.1.1. The issue is an access restriction bypass that allows an unauthenticated attacker to obtain an arbitrary DBM file (Cybozu Dezie proprietary format) via unspecified vectors, potentially exposing sensitive data. Connected records also note exposure ri...
CVE-2016-7833
CVE-2016-7833 affects Cybozu Dezie 8.0.0–8.1.1. The vulnerability allows an unauthenticated (remote) attacker to bypass access restrictions and delete an arbitrary DBM file (Cybozu Dezie proprietary format) via unspecified vectors. The JVN entry and related sources recommend updating to the lates...
JVN#16781735: Multiple access restriction bypass vulnerabilities in Cybozu Dezie
Cybozu Dezie contains multiple access restriction bypass vulnerabilities listed below. Access restriction bypass to download DBM files - CVE-2016-7832
Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Bas...
CVE-2003-1067
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions...
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
It was possible to make the remote web server disclose the physical path to its web root by requesting an MS-DOS device ending in .dbm, as in nul.dbm. (C) Tenable Network Security, Inc. This script was written by Renaud Deraison. Modified by Paul Johnston for Westpoint Ltd to displ...