ISC BIND 9.2.0 < 9.16.44 / 9.9.3-S1 < 9.16.44-S1 / 9.18.0 < 9.18.19 / 9.18.0-S1 < 9.18.19-S1 / 9.19.0 < 9.19.17 Vulnerability (cve-2023-3341)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-3341 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...

ISC BIND DoS Vulnerability (CVE-2023-3341) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

ISC BIND DoS Vulnerability (CVE-2023-3341) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

Oracle Linux 7 : ELSA-2017-1842-1: / kernel (ELSA-2017-18421)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-18421 advisory. - The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that chan...

PT-2023-18315 · Hlos · Hlos

Name of the Vulnerable Software and Affected Versions: HLOS affected versions not specified Description: A cryptographic issue exists where derived keys used for encryption and decryption remain present on the stack after use. Recommendations: At the moment, there is no information about a newer...

K15013: OpenSSH vulnerability CVE-2011-0539

Security Advisory Description The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents ...

K37012655: Linux kernel vulnerability CVE-2016-7042

Security Advisory Description The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack...

K46394694: Linux kernel vulnerability CVE-2016-8650

Security Advisory Description The mpipowm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service stack memory corruption and panic via an addkey system call for an RSA key with ...

K15571: OpenSSL vulnerability CVE-2014-3508

Security Advisory Description Description The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...

K15984: Linux kernel vulnerability CVE-2013-7265

Security Advisory Description The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory...

K15983: Linux kernel vulnerability CVE-2013-7263

Security Advisory Description The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, or 3 recvmsg system cal...

SUSE CVE-2007-0908

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the keylength variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...

SUSE CVE-2010-3078

The xfsiocfsgetxattr function in fs/xfs/linux-2.6/xfsioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call...

SUSE CVE-2010-3876

net/packet/afpacket.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETRAW capability to read copies of the applicable structures...

SUSE CVE-2010-3877

The getname function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...

SUSE CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the 1 compatsyssemctl, 2 compatsysmsgctl, and 3 compatsysshmctl functions in...

SUSE CVE-2010-4076

The rsioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

SUSE CVE-2010-4083

The copysemidtouser function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 IPCINFO, 2 SEMINFO, 3 IPCSTAT, or 4 SEMSTAT command in a semctl system call...

SUSE CVE-2010-4158

The skrunfilter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a 1 BPFSLDMEM or 2 BPFSLDXMEM instruction, which allows local users to obtain potentially sensitive information from kernel stac...

SUSE CVE-2011-2913

Off-by-one error in the CSoundFile::ReadAMS function in src/loadams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service stack memory corruption and possibly execute arbitrary code via a crafted AMS file with a large number of samples...