7037 matches found

CVE
added 2022/05/19 9:55 a.m. | 194 views

CVE-2022-1183

CVE-2022-1183 describes an assertion-failure termination in the named daemon on vulnerable BIND configurations that reference http in listen-on statements. Affected are BIND 9.18.0–9.18.2 and BIND 9.19.0 (development branch); configurations using DoT are unaffected, while DoT/DoH deployments may ...

CVSS 7.5 | AI score 7.3 | EPSS 0.04531
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/19 9:55 a.m. | 19 views

CVE-2022-1183 Destroying a TLS session early causes assertion failure

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), bu...

CVSS 7.5 | AI score 7.6 | EPSS 0.04531
Exploits: 0 | References: 2

UbuntuCve
added 2022/05/18 12:0 a.m. | 26 views

CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), bu...

CVSS 7.5 | AI score 7.1 | EPSS 0.04531
Exploits: 0 | References: 3

Tenable Nessus
added 2022/05/18 12:0 a.m. | 34 views

ISC BIND 9.18.0 < 9.18.3 Assertion Failure (cve-2022-1183)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2022-1183 advisory. - An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is...

CVSS 7.5 | AI score 7.3 | EPSS 0.04531
Exploits: 0 | References: 2

OSV
added 2022/05/13 1:9 a.m. | 3 views

GHSA-GW5J-77F9-V2G2 Loop with Unreachable Exit Condition in Apache CXF

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service...

CVSS 5 | AI score 7.2 | EPSS 0.07177
Exploits: 0 | References: 14

Github Security Blog
added 2022/05/13 1:1 a.m. | 48 views

Improper Authentication in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVSS 6.4 | AI score 6.2 | EPSS 0.05089
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/13 1:1 a.m. | 2 views

GHSA-66RX-GQX3-P98M Improper Authentication in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVSS 6.4 | AI score 7.2 | EPSS 0.05089
Exploits: 0 | References: 4

CNVD
added 2022/05/13 12:0 a.m. | 22 views

libsixel img2sixel Denial of Service Vulnerability (CNVD-2022-77874)

libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. libsixel img2sixel version 1.8.6 is vulnerable to a denial-of-service vulnerability, which stems from an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894. A...

CVSS 4.3 | AI score 5.9 | EPSS 0.0097
Exploits: 1 | Affected Software: 1

Snyk
added 2022/05/12 11:6 a.m. | 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via an assertion failure in the stbi__jpeg_huff_decode function, due to a crafted JPEG file. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...

CVSS 7.5 | AI score 6.9 | EPSS 0.0097
Exploits: 1 | References: 2

NVD
added 2022/05/11 2:15 p.m. | 20 views

CVE-2022-29977

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file...

CVSS 6.5 | EPSS 0.0097
Exploits: 1 | References: 1

UbuntuCve
added 2022/05/11 2:15 p.m. | 27 views

CVE-2022-29977

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file...

CVSS 6.5 | AI score 6.6 | EPSS 0.0097
Exploits: 1 | References: 2

Prion
added 2022/05/11 2:15 p.m. | 18 views

Authentication flaw

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file...

CVSS 4.3 | AI score 6.2 | EPSS 0.0097
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/05/11 1:10 p.m. | 70 views

CVE-2022-29977

CVE-2022-29977 affects libsixel img2sixel 1.8.6. The vulnerability is an assertion failure in stbi__jpeg_huff_decode (stb_image.h:1894) that enables remote-denial-of-service via a crafted JPEG file. The provided documents do not specify patched versions or remediation steps.

CVSS 6.5 | AI score 6.2 | EPSS 0.0097
Exploits: 1 | References: 1 | Affected Software: 1

MongoDB
added 2022/05/11 12:0 a.m. | 60 views

MongoDB Server (mongod) may crash in response to unexpected requests

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

CVSS 6.5 | AI score 4.2 | EPSS 0.0084
Exploits: 2 | References: 1 | Affected Software: 1

Tenable Nessus
added 2022/05/10 12:0 a.m. | 31 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Vulnerability (NS-SA-2022-0041)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by a vulnerability: - In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Editio...

CVSS 6.5 | AI score 7.4 | EPSS 0.0594
Exploits: 0 | References: 3

Tenable Nessus
added 2022/05/09 12:0 a.m. | 50 views

NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)

The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple vulnerabilities: - DISPUTED Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability...

CVSS 9.8 | AI score 7.3 | EPSS 0.02179
Exploits: 0 | References: 23

Tenable Nessus
added 2022/05/09 12:0 a.m. | 47 views

NewStart CGSL MAIN 6.02 : bind Vulnerability (NS-SA-2022-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by a vulnerability: - In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release version...

CVSS 7.5 | AI score 7.3 | EPSS 0.11296
Exploits: 0 | References: 3

ATTACKERKB
added 2022/05/05 1:15 p.m. | 4 views

CVE-2022-29339

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...

CVSS 7.5 | AI score 5.9 | EPSS 0.01117
Exploits: 1 | References: 3

Prion
added 2022/05/05 1:15 p.m. | 24 views

Denial of service

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...

CVSS 5 | AI score 7.5 | EPSS 0.01117
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2022/05/05 1:15 p.m. | 3 views

UBUNTU-CVE-2022-29339

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...

CVSS 7.5 | AI score 7.1 | EPSS 0.01117
Exploits: 1 | References: 4