7037 matches found

Amazon
added 2023/09/20 12:0 a.m. · 28 views

Medium: elfutils

Issue Overview: The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerabilit...

5.5 CVSS · 6.8 AI score · 0.00226 EPSS
Exploits 0
OSV
added 2023/09/20 12:0 a.m. · 0 views

UBUNTU-CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...

7.5 CVSS · 7.2 AI score · 0.0215 EPSS
Exploits 0 · References 4
OpenVAS
added 2023/09/20 12:0 a.m. · 19 views

ISC BIND DoS Vulnerability (CVE-2023-4236) - Windows

ISC BIND is prone to a denial of service (DoS) vulnerability.

7.5 CVSS · 7.4 AI score · 0.0215 EPSS
Exploits 0 · References 1
CNNVD
added 2023/09/20 12:0 a.m. · 4 views

ISC BIND Security Vulnerability

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in BIND version 9, which stems from an unexpected termination due to an assertion failure...

7.5 CVSS · 6.7 AI score · 0.0215 EPSS
Exploits 0 · References 13
Tenable Nessus
added 2023/09/20 12:0 a.m. · 41 views

ISC BIND 9.18.0 < 9.18.19 / 9.18.11-S1 < 9.18.19-S1 Assertion Failure (cve-2023-4236)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-4236 advisory. - A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion...

7.5 CVSS · 8 AI score · 0.0215 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/09/20 12:0 a.m. · 41 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Bind vulnerabilities (USN-6390-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6390-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channe...

7.5 CVSS · 6.8 AI score · 0.02626 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/09/20 12:0 a.m. · 38 views

Amazon Linux 2 : elfutils (ALAS-2023-2259)

The version of elfutils installed on the remote host is prior to 0.176-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2259 advisory. The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability...

5.5 CVSS · 6.5 AI score · 0.00226 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/09/20 12:0 a.m. · 41 views

Debian dla-3573 : frr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3573 advisory. Debian LTS Advisory DLA-3573-1...

9.8 CVSS · 7.1 AI score · 0.02152 EPSS
Exploits 3 · References 22
RedHat Linux
added 2023/09/19 8:7 a.m. · 3 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS · 6.9 AI score · 0.01193 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/09/19 8:5 a.m. · 3 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS · 6.9 AI score · 0.01193 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2023/09/15 12:0 a.m. · 6 views

The vulnerability of the Item_field::used_tables/update_depend_map_for_order component of the MariaDB database management system, which allows a hacker to trigger a service failure.

The vulnerability of the Item_field::used_tables/update_depend_map_for_order component of the MariaDB database management system is related to the use of the assert function or similar operators. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8 CVSS · 7.4 AI score · 0.01461 EPSS
Exploits 1 · References 10 · Affected Software 5
OSV
added 2023/09/13 5:15 p.m. · 5 views

AZL-28790 CVE-2023-3301 affecting package qemu for versions less than 6.2.0-23

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...

5.6 CVSS · 6.6 AI score · 0.00251 EPSS
Exploits 0 · References 1
NVD
added 2023/09/13 5:15 p.m. · 15 views

CVE-2023-3301

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...

5.6 CVSS · 6.2 AI score · 0.00251 EPSS
Exploits 0 · References 3
OSV
added 2023/09/13 5:15 p.m. · 2 views

UBUNTU-CVE-2023-3301

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...

5.6 CVSS · 7 AI score · 0.00251 EPSS
Exploits 0 · References 3
Citrix
added 2023/09/12 12:0 a.m. · 43 views

Users receive error "Try again after some time or contact your help desk" at login

While accessing ADC Gateway or Authentication page, in certain conditions users received one of these two errors: "Try again after some time or contact your help desk". "Malformed assertion sent to Netscaler" Users redirected to Login page. To validate this is the cause, you can check ADC syslogs...

7 AI score
Exploits 0
Positive Technologies
added 2023/09/08 12:0 a.m. · 3 views

PT-2023-5379 · Isc +4 · Bind 9 +4

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.18.0 through 9.18.18 BIND 9 versions 9.18.11-S1 through 9.18.18-S1 Description: A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens...

7.8 CVSS · 7.5 AI score · 0.02626 EPSS
Exploits 0 · References 49
Tenable Nessus
added 2023/09/08 12:0 a.m. · 37 views

Amazon Linux 2 : sox, --advisory ALAS2-2023-2231 (ALAS-2023-2231)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2231 advisory. A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The...

9.1 CVSS · 6.9 AI score · 0.01489 EPSS
Exploits 5 · References 20
Tenable Nessus
added 2023/09/07 12:0 a.m. · 28 views

Oracle Linux 7 : ELSA-2017-1308-1: / kernel (ELSA-2017-13081)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-13081 advisory. - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to...

7.1 AI score · 0.17827 EPSS
Exploits 18 · References 6
Tenable Nessus
added 2023/09/07 12:0 a.m. · 22 views

Oracle Linux 7 : libtiff (ELSA-2019-2053)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2053 advisory. - Fix compiler warning introduced by patch for CVE-2018-18661 - Fix CVE-2016-3186 - Fix CVE-2018-7456 - Fix CVE-2018-8905 - Fix CVE-2018-10779 - Fix...

8.8 CVSS · 6.8 AI score · 0.25183 EPSS
Exploits 9 · References 11
Amazon
added 2023/09/07 12:0 a.m. · 33 views

Medium: php72-pecl-imagick

Issue Overview: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-1000476 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability th...

9.8 CVSS · 9.6 AI score · 0.05916 EPSS
Exploits 52