7017 matches found
UBUNTU-CVE-2019-6467
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...
mod_auth_mellon: authentication bypass in ECP flow
A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...
SUSE-SU-2019:0113-2 Security update for krb5
This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489)...
CVE-2017-3139
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...
CVE-2017-3139
CVE-2017-3139 describes a denial-of-service in ISC BIND’s DNSSEC validation. A remote attacker can craft a DNS response to cause the DNS server (named) to exit with an assertion failure, impacting availability. The issue is network-exploitable and requires no user interaction. The provided docume...
EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1135)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a...
openSUSE Security Update : soundtouch (openSUSE-2019-898)
This update for soundtouch fixes the following issues : - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: Th...
openSUSE Security Update : tiff (openSUSE-2019-508)
This update for tiff fixes the following security issues : - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.c TIFFPrintDirectory function that could have led to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the...
Amazon Linux 2 : bind (ALAS-2019-1170)
Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most...
EulerOS Virtualization 2.5.2 : bind (EulerOS-SA-2019-1081)
According to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - 'deny-answer-aliases' is a little-used feature intended to help recursive server operators protect end users against DNS rebinding...
SAML Signature Relocation Attack
passport-wsfed-saml2 is vulnerable to SAML signature relocation attacks. The vulnerability exists as the validation function does not ensure that the Signature tag is in the correct location in an Assertion tag, allowing attackers to perform signature relocation attacks...
Medium: bind
Issue Overview: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikel...
The vulnerability relates to the implementation of Security Assertion Markup Language (SAML) for single-sign-on authentication in the integrated messaging system Cisco Unity Connection. This vulnerability allows attackers to perform cross-site scripting attacks.
The vulnerability of the Security Assertion Markup Language (SAML) authentication mechanism for Single Sign-On (SSO) in the integrated Cisco Unity Connection messaging system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor,...
PuTTY (European Commission - DIGIT): Assertion `col >= 0 && col < line->cols' failed, process aborted while streaming output from remote server
Summary: During the course of testing putty-0.70-2019-03-01.e0a7697 on Fedora 29 compiled with clang version 7.0.1 Fedora 7.0.1-4.fc29, we discovered it was possible to abort a remote client by streaming data at it in such a way as to trigger an assertion failure in terminal.c. putty:...
Debian DLA-1697-1 : bind9 security update
Two issues have been found in bind9, the Internet Domain Name Server. CVE-2019-6465 Zone transfer for DLZs are executed though not permitted by ACLs. CVE-2018-5745 Avoid assertion and thus causing named to deliberately exit when a trust anchor's key is replaced with a key which uses an unsupporte...
ISC BIND Assertion Failure Vulnerability
According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is less than 9.11.5-P4 / 9.11.5-S5 / 9.12.3-P4 / 9.13.7. It is, therefore, affected by an assertion failure vulnerability. - An assertion failure exists in the managed-keys component due to an err...
CVE-2019-9211
There is a reachable assertion abort in the function write_long_string_missing_values in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service...