Design/Logic Flaw

JerryScript 2.2.0 allows attackers to cause a denial of service assertion failure because a property key query for a Proxy object returns unintended data...

CVE-2020-13622

JerryScript 2.2.0 allows attackers to cause a denial of service assertion failure because a property key query for a Proxy object returns unintended data...

CVE-2020-13622

JerryScript 2.2.0 allows attackers to cause a denial of service assertion failure because a property key query for a Proxy object returns unintended data...

CVE-2020-13622

CVE-2020-13622 affects the JerryScript 2.2.0 engine, where a property key query on a Proxy object can cause a denial of service via an assertion failure. This is the described impact; the available connected documents do not specify a concrete fix version or patch details. No additional exploit s...

CVE-2020-13622

Removed by vendor...

BIND TSIG Badtime Query Denial of Service

A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TSIG Badtime Query Denial of Service...

Aviatrix Systems Controller Data Forgery Issue Vulnerability

Aviatrix Systems Controller is a centralized control panel for business processes and management of Aviatrix Systems solutions from Aviatrix Systems, USA. A security vulnerability exists in Aviatrix Systems Controller 5.1 and prior versions. The vulnerability can be exploited by an attacker to...

CVE-2020-13415

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...

CVE-2020-13415

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...

Code injection

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...

Exploit for Reachable Assertion in Isc Bind

CVE-2020-8617 PoC for CVE-2020-8617 For educational purposes...

ISC BIND Multiple DoS Vulnerabilities (CVE-2020-8616, CVE-2020-8617) - Windows

ISC BIND is prone to multiple denial of service vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Debian DSA-4689-1 : bind9 - security update

Several vulnerabilities were discovered in BIND, a DNS server implementation. - CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. - CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches...

DEBIAN-CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

Design/Logic Flaw

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

CVE-2020-8617 A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

UBUNTU-CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

keycloak: SAML broker does not check existence of signature on document allowing any user impersonation

It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to...

GHSA-QF7V-8HJ3-4XW7 Improper Verification of Cryptographic Signature in PySAML2

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...