37 matches found
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libnss-db vulnerability (USN-922-1)
Stephane Chazelas discovered that libnss-db did not correctly set up a database environment. A local attacker could exploit this to read the first line of arbitrary files, leading to a loss of privacy and possibly privilege escalation. Note that Tenable Network Security has extracted the precedin...
USN-922-1: libnss-db vulnerability
Stephane Chazelas discovered that libnss-db did not correctly set up a database environment. A local attacker could exploit this to read the first line of arbitrary files, leading to a loss of privacy and possibly privilege escalation...
Debian Security Advisory DSA 1430-1 (libnss-ldap)
The remote host is missing an update to libnss-ldap announced via advisory DSA 1430-1. OpenVAS Vulnerability Test $Id: deb14301.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1430-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 1118-1 (mozilla)
The remote host is missing an update to mozilla announced via advisory DSA 1118-1. For details, please visit the referenced security advisories. OpenVAS Vulnerability Test $Id: deb11181.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1118-1 Authors: Thomas...
Debian: Security Advisory (DSA-1265-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-1430-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1430-1 : libnss-ldap - denial of service
It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks if applications use pthreads. This problem was spotted in the dovecot IMAP/POP server but potentially affects more programs. %NASLMINLEVEL 703...
[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1430-1 [email protected] http://www.debian.org/security/ Steve Kemp December 11, 2007 http://www.debian.org/security/faq -...
DSA-1430-1 libnss-ldap - information disclosure
Bulletin has no description...
CVE-2007-5794
Race condition in nssldap, when used in applications that are linked against the pthread library and fork after a call to nssldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong...
Mozilla libnss multiple security vulnerabilities
Buffer overflows and integer overflows in SSL2 client and server code implementation...
Ubuntu 4.10 / 5.04 : openldap2, libpam-ldap, libnss-ldap vulnerabilities (USN-152-1)
Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted...
libNSS Hello Challenge Remote Heap Overflow
Binary data 2133.prm...
libNSS Hello Challenge Remote Heap Overflow
Binary data 2134.prm...
CVE-2001-1089
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request...
CVE-2001-1089
Summary of CVE-2001-1089: The vulnerable component is libnss-pgsql in the nss-pgsql package (version 0.9.0 and earlier). The issue allows remote attackers to execute arbitrary SQL queries by injecting SQL code into an HTTP request, indicating a server-side input handling flaw that can affect conf...
CVE-2001-1089
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request...