5149 matches found

Prion
added 2014/09/01 1:55 a.m. | 23 views

Stack overflow

Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory...

CVSS 4 | AI score 6.4 | EPSS 0.00117
Exploits 1 | References 26 | Affected Software 1

UbuntuCve
added 2014/08/18 11:15 a.m. | 33 views

CVE-2014-5265

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 5.9 | EPSS 0.07017
Exploits 0 | References 6

F5 Networks
added 2014/08/07 12:0 a.m. | 24 views

SOL15481 - BIND vulnerability CVE-2012-1033

Note: BIG-IP systems are vulnerable only in the event that you configure BIND for name resolution requests, and enable recursion. If the BIG-IP system receives a DNS request which it cannot resolve locally, and makes a recursive request to an external DNS server, the vulnerability may be exploite...

CVSS 5 | AI score 2 | EPSS 0.01868
Exploits 1 | References 8

Tenable Nessus
added 2014/08/07 12:0 a.m. | 74 views

Oracle Linux 5 / 6 : php53 / and / php (ELSA-2014-1012)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1012 advisory. - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-base...

CVSS 7.5 | AI score 7.6 | EPSS 0.48662
Exploits 7 | References 12

RedHat Linux
added 2014/08/06 5:14 a.m. | 0 views

file: unrestricted recursion in handling of indirect type rules

A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...

CVSS 5 | AI score 7.2 | EPSS 0.24895
Exploits 0 | References 4

NVD
added 2014/07/19 7:55 p.m. | 23 views

CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before...

CVSS 2.1 | AI score 6 | EPSS 0.00123
Exploits 0 | References 10

Tenable Nessus
added 2014/07/04 12:0 a.m. | 32 views

FreeBSD : dbus -- multiple vulnerabilities (e6a7636a-02d0-11e4-88b6-080027671656)

Simon McVittie reports : Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...

CVSS 2.1 | AI score 5.4 | EPSS 0.00123
Exploits 0 | References 4

OSV
added 2014/07/02 12:0 a.m. | 1 views

UBUNTU-CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before...

CVSS 2.1 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 4

FreeBSD
added 2014/07/02 12:0 a.m. | 24 views

dbus -- multiple vulnerabilities

Simon McVittie reports: Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...

CVSS 2.1 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 1

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Mozilla Firefox 2.0.0.12 IFrame Recursion Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27812/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because of the way the browser handles IFrames. Attackers can exploit this issue to make the browser unresponsive and cause denial-of-service...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

DNS Recursion Bandwidth Amplification - Denial of Service PoC

No description provided by source. !/usr/bin/perl Get Net::RawIP at http://search.cpan.org/CPAN/authors/id/S/SZ/SZABGAB/Net-RawIP-0.2101.tar.gz cpan Net::DNS:Resolver seems to work fine on each machine I throw it on, as well. PS: To see if you can spoof, check out the ANA Spoofer project...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Linux Kernel 2.6.x NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23677/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted. A local attacker may exploit this issue to trigger an infinite-recursion stack-bas...

AI score 7.1
Exploits 0

Huawei
added 2014/06/13 12:0 a.m. | 89 views

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1. SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to intercep...

CVSS 7.4 | AI score 8 | EPSS 0.92751
Exploits 14 | Affected Software 76

Tenable Nessus
added 2014/06/13 12:0 a.m. | 27 views

openSUSE Security Update : clamav (openSUSE-SU-2011:1177-1)

This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-5308. The text description of this...

CVSS 4.3 | AI score 6.7 | EPSS 0.02718
Exploits 0 | References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 47 views

openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1)

The Linux kernel was updated to fix various bugs and security issues : CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-016...

CVSS 7.8 | AI score 6.9 | EPSS 0.07001
Exploits 21 | References 50

Tenable Nessus
added 2014/06/13 12:0 a.m. | 28 views

openSUSE Security Update : clamav (openSUSE-SU-2011:1177-1)

This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-5308. The text description of this...

CVSS 4.3 | AI score 6.7 | EPSS 0.02718
Exploits 0 | References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 21 views

openSUSE Security Update : gpg2 (openSUSE-SU-2013:1546-1)

gpg2 was updated to fix a denial of service attack through infinite recursion in the compressed packet parser (bnc#844175, CVE-2013-4402). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS 5 | AI score 7.8 | EPSS 0.04702
Exploits 0 | References 3

RedHat Linux
added 2014/06/10 12:23 p.m. | 3 views

openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors...

CVSS 4.3 | AI score 6.9 | EPSS 0.32978
Exploits 0 | References 5

Tenable Nessus
added 2014/06/10 12:0 a.m. | 50 views

Mandriva Linux Security Advisory : openssl (MDVSA-2014:106)

Multiple vulnerabilities have been discovered and corrected in openssl : The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers ...

CVSS 7.4 | AI score 8.2 | EPSS 0.92751
Exploits 13 | References 5

OpenVAS
added 2014/06/09 12:0 a.m. | 50 views

openSUSE: Security Advisory for openssl (openSUSE-SU-2014:0764-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4 | AI score 6.8 | EPSS 0.92751
Exploits 13 | References 1