7022 matches found
A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
...
Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Vulnerabilities
Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure. Details: Product: MikroTik's RouterOS; Vendor URL: https://mikrotik.com/; Vendor Status: fixed version released; CVE: -; Credit: Qian Chen@cq674350529 of Qihoo 360 Nirvan Team. Product Description: Router...
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...
RHEL 7 : bind (RHSA-2020:3433)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3433 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named C...
The vulnerability of the Security Assertion Markup Language (SAML) implementation in the PAN-OS operating system allows a perpetrator to increase their privileges.
The vulnerability of the Security Assertion Markup Language (SAML) implementation in the PAN-OS operating system is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely, provided that the SAM...
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...
Important: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...
RHEL 6 : bind (RHSA-2020:3379)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3379 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named C...
RHEL 6 : bind (RHSA-2020:3378)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3378 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named C...
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1806)
The remote host is missing an update for the Huawei EulerOS...
QEMU: nbd: reachable assertion failure in nbd_negotiate_send_rep_verr via remote client
An assertion failure issue was found in the Network Block Device (NBD) Server of QEMU. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting ...
yaml-cpp: Denial of service
Background: yaml-cpp is a YAML parser and emitter in C++. Description: The function Scanner::peek in scanner.cpp may have an assertion failure. Impact: An attacker could cause a possible Denial of Service condition. Workaround: There is no known workaround at this time. Resolution: All yaml-cpp users...
openSUSE Security Update : cairo (openSUSE-2020-1003)
This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory lea...
OPENSUSE-SU-2020:1003-1 Security update for cairo
This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leak...
Security Bulletin: Vulnerability in bind affects SmartCloud Entry (CVE-2016-9147)
Summary: ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger a...
Security update for cairo (moderate)
openSUSE Security Update: Security update for cairo. Announcement ID: openSUSE-SU-2020:1003-1; Rating: moderate; References: 1049092; Cross-References: CVE-2017-9814; Affected Products: openSUSE Leap 15.1. An update that fixes one vulnerability is now available. Description: This update for cairo fixes...
SUSE SLED15 / SLES15 Security Update : cairo (SUSE-SU-2020:1937-1)
This update for cairo fixes the following issues: Fix a memory corruption in pango. Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. Add more FreeType font color conversions to support COLR/CPAL. Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. Fix memory leaks found b...
SUSE SLES12 Security Update : bind (SUSE-SU-2020:1914-1)
This update for bind fixes the following issues : Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. CVE-2018-5741...
SUSE-SU-2020:1937-1 Security update for cairo
This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leak...