Lucene search

5149 matches found

Debian CVE
added 2015/09/28 8:0 p.m. | 17 views

CVE-2015-6806

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value...

CVSS 5 | AI score 6.2 | EPSS 0.01274
Exploits 1

F5 Networks
added 2015/09/03 12:0 a.m. | 55 views

SOL17227 - BIND vulnerability CVE-2015-5986

Vulnerability Recommended Actions: If you are running a version listed in the "Versions known to be vulnerable" column, you can eliminate this vulnerability by upgrading to a version listed in the "Versions known to be not vulnerable" column. If the table lists only an older version than what you are...

CVSS 7.1 | AI score 1.8 | EPSS 0.47991
Exploits 0 | References 5

Tenable Nessus
added 2015/05/20 12:0 a.m. | 26 views

SUSE SLES10 Security Update : bind (SUSE-SU-2015:0488-1)

This bind update to version 9.6-ESV-R11-W1 fixes the following security issue: A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of...

CVSS 7.8 | AI score 6.6 | EPSS 0.48217
Exploits 0 | References 5

Tenable Nessus
added 2015/05/20 12:0 a.m. | 30 views

SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:0096-1)

This update of bind to 9.9.6P1 fixes bugs and also the following security issue: A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of...

CVSS 7.8 | AI score 6.6 | EPSS 0.48217
Exploits 0 | References 4

CNVD
added 2015/05/14 12:0 a.m. | 2 views

Microsoft .NET Custom XML Data Processing Denial of Service Vulnerability

Microsoft .NET Framework is a system distributed by Microsoft to help developers build web-based applications. A security vulnerability exists in the Microsoft .NET Framework that allows remote attackers to exploit a vulnerability by submitting special data to trigger a recursion that consumes a...

CVSS 5 | AI score 6.8 | EPSS 0.16216
Exploits 0 | References 1

Cvelist
added 2015/05/13 10:0 a.m. | 17 views

CVE-2015-1672

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."...

AI score 6.3 | EPSS 0.16216
Exploits 0 | References 3

Tenable Nessus
added 2015/05/12 12:0 a.m. | 436 views

MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities: A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs when decrypting XML data. A remote attacker can exploit this,...

CVSS 9.3 | AI score 5.6 | EPSS 0.39189
Exploits 0 | References 3

ArchLinux
added 2015/04/24 12:0 a.m. | 44 views

powerdns: denial of service

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...

CVSS 7.8 | AI score 2.5 | EPSS 0.00506
Exploits 0 | References 3

UbuntuCve
added 2015/04/10 3:0 p.m. | 24 views

CVE-2015-2779

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message...

CVSS 5 | AI score 5.9 | EPSS 0.01703
Exploits 0 | References 6

Debian CVE
added 2015/04/10 2:0 p.m. | 15 views

CVE-2015-2779

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message...

CVSS 5 | AI score 6 | EPSS 0.01703
Exploits 0

RedHat Linux
added 2015/04/07 3:8 p.m. | 3 views

kernel: isofs: unbound recursion when processing relocated directories

It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...

CVSS 4 | AI score 6.7 | EPSS 0.00076
Exploits 1 | References 4

Tenable Nessus
added 2015/03/26 12:0 a.m. | 40 views

Debian DLA-131-1 : file security update

Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files. As part of the fixes, several limits on aspects of the detection were added or tightened,...

CVSS 5 | AI score 7.8 | EPSS 0.16453
Exploits 0 | References 4

Tenable Nessus
added 2015/03/25 12:0 a.m. | 45 views

Amazon Linux AMI : file (ALAS-2015-497)

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620) The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2)...

CVSS 7.5 | AI score 8 | EPSS 0.16453
Exploits 0 | References 6

Cvelist
added 2015/03/18 10:0 a.m. | 23 views

CVE-2015-0132

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a deni...

AI score 7 | EPSS 0.00533
Exploits 0 | References 1

RedHat Linux
added 2015/03/17 2:39 p.m. | 2 views

kernel: isofs: unbound recursion when processing relocated directories

It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...

CVSS 4 | AI score 6.7 | EPSS 0.00076
Exploits 1 | References 4

RedHat Linux
added 2015/03/17 2:39 p.m. | 1 views

kernel: isofs: unbound recursion when processing relocated directories

It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...

CVSS 4 | AI score 6.7 | EPSS 0.00117
Exploits 1 | References 4

Tenable Nessus
added 2015/02/05 12:0 a.m. | 43 views

Ubuntu 14.04 LTS : file vulnerabilities (USN-2494-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2494-1 advisory. Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a deni...

CVSS 5 | AI score 8 | EPSS 0.16453
Exploits 0 | References 4

OSV
added 2015/02/04 5:56 p.m. | 4 views

USN-2494-1 file vulnerabilities

Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to caus...

CVSS 5 | AI score 7.1 | EPSS 0.16453
Exploits 0 | References 4

Debian
added 2015/01/31 1:8 p.m. | 45 views

[SECURITY] [DLA 145-1] php5 security update

Package: php5. Version: 5.3.3-7+squeeze24. CVE ID: CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117. Brief introduction. CVE-2014-0237: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial ...

CVSS 6.5 | AI score 8 | EPSS 0.37602
Exploits 2

Tenable Nessus
added 2015/01/19 12:0 a.m. | 39 views

Oracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions)

The remote Solaris system is missing necessary patches to address security updates: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service...

CVSS 6.8 | AI score 8.3 | EPSS 0.92751
Exploits 6 | References 17