
7017 matches found

IBM Security Bulletins
added 2019/05/17 4:5 p.m., 56 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000026 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x...

8.3 CVSS, 1 AI score, 0.16523 EPSS
Exploits 28, Affected Software 1

Tenable Nessus
added 2019/05/14 12:0 a.m., 27 views

EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)

According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may...

7.5 CVSS, 6.9 AI score, 0.73184 EPSS
Exploits 0, References 3

Tenable Nessus
added 2019/05/14 12:0 a.m., 39 views

EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker...

8.6 CVSS, 6.5 AI score, 0.90945 EPSS
Exploits 21, References 19

Tenable Nessus
added 2019/05/13 12:0 a.m., 47 views

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size o...

8 CVSS, 8.4 AI score, 0.20797 EPSS
Exploits 58, References 22

Prion
added 2019/05/10 8:29 p.m., 9 views

Server side request forgery (ssrf)

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...

7.5 CVSS, 9.1 AI score, 0.01514 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2019/05/10 8:29 p.m., 18 views

CVE-2019-11066

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...

9.8 CVSS, 9.3 AI score, 0.01514 EPSS
Exploits 0, References 1

OSV
added 2019/05/03 5:29 p.m., 2 views

CVE-2019-1714

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,...

8.6 CVSS, 6.5 AI score, 0.01977 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/05/03 12:0 a.m., 30 views

ISC BIND 9.10.5-S1 < 9.11.5-S6 Assertion Failure Vulnerability

ISC BIND versions 9.11.5-S5 and earlier are affected by an error in the nxdomain-redirect feature in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. C Tenable...

7.5 CVSS, 6.1 AI score, 0.03144 EPSS
Exploits 0, References 4

Veracode
added 2019/05/02 6:12 a.m., 24 views

Out Of Bound Reads (OOB)

Mozilla Firefox is vulnerable to out of bound reads. This vulnerability exists due to an assertion error in graphite2. An attacker could possibly exploit this flaw to cause an application crash...

9 AI score
Exploits 0

Veracode
added 2019/05/02 6:10 a.m., 29 views

Denial Of Service (DoS)

JasPer is vulnerable to denial of service attacks. A remote attacker could cause denial of service through assertion failure via a crafted image file. Affected by this issue is the function jpc_pi_nextrpcl in jpc_t2cod.c...

5.5 CVSS, 5.9 AI score, 0.01948 EPSS
Exploits 0, References 8, Affected Software 1

Veracode
added 2019/05/02 6:10 a.m., 25 views

Denial Of Service (DoS)

JasPer is vulnerable to denial of service attacks. A remote attacker could cause denial of service through assertion failure via a crafted file. Affected by this issue is the function calcstepsizes in the file jpc_dec.c...

5.5 CVSS, 5.9 AI score, 0.01965 EPSS
Exploits 0, References 9, Affected Software 1

Veracode
added 2019/05/02 6:10 a.m., 17 views

Denial Of Service (DoS)

JasPer is vulnerable to denial of service attacks. A remote attacker could cause denial of service through assertion failure via a crafted image file. Affected by this issue is the function ras_getcmap in ras_dec.c...

5.5 CVSS, 5.9 AI score, 0.01951 EPSS
Exploits 0, References 8, Affected Software 1

Veracode
added 2019/05/02 4:43 a.m., 47 views

Denial Of Service (DoS)

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd...

7.5 CVSS, 6.5 AI score, 0.07615 EPSS
Exploits 1, References 8, Affected Software 1

Veracode
added 2019/05/02 4:43 a.m., 42 views

Denial Of Service (DoS)

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd...

7.5 CVSS, 6.5 AI score, 0.13426 EPSS
Exploits 2, References 18, Affected Software 1

Positive Technologies
added 2019/05/01 12:0 a.m., 3 views

PT-2019-2120 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance versions prior to the fixed version; Cisco Firepower Threat Defense versions prior to the fixed version. Description: The issue is related to improper credential management when using NT LAN Manager (NTLM) or bas...

8.6 CVSS, 6.1 AI score, 0.01977 EPSS
Exploits 0, References 8

OpenVAS
added 2019/04/30 12:0 a.m., 40 views

ISC BIND DoS Vulnerability (CVE-2019-6467) - Linux

ISC BIND is prone to a denial of service vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you c...

7.5 CVSS, 7.4 AI score, 0.06349 EPSS
Exploits 0, References 1

BDU FSTEC
added 2019/04/25 12:0 a.m., 2 views

The vulnerability of the register_hooks() function in the Apache HTTP Server’s web server, related to the possibility of bypassing authentication, allows attackers to circumvent existing access control mechanisms.

The vulnerability of the register_hooks() function of mod_auth_mellon in the Apache HTTP Server is related to the possibility of bypassing authentication by executing a special SAML ECP. Exploiting this vulnerability allows a malicious actor to circumvent existing access control mechanisms by using...

8.5 CVSS, 7.4 AI score, 0.02969 EPSS
Exploits 1, References 4, Affected Software 2

OSV
added 2019/04/24 12:0 a.m., 1 views

UBUNTU-CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

7.5 CVSS, 6.8 AI score, 0.06349 EPSS
Exploits 0, References 2

UbuntuCve
added 2019/04/24 12:0 a.m., 22 views

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

7.5 CVSS, 6.5 AI score, 0.06349 EPSS
Exploits 0, References 1

UbuntuCve
added 2019/04/24 12:0 a.m., 21 views

CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIN...

7.5 CVSS, 6.4 AI score, 0.03144 EPSS
Exploits 0, References 1