Denial Of Service (DoS)
openvswitch is vulnerable to denial of service. An assertion failure in the parse_group_prop_ntr_selection_method function in lib/ofp-util.c allows an attacker to cause a denial of service condition in the application. This is due to an invalid group type during decoding of a group mod when the...
Denial Of Service (DoS)
bind is vulnerable to denial of service (DoS) attacks. The vulnerability exists because "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client...
Denial Of Service (DoS)
libbind9.so is vulnerable to denial of service (DoS) attacks. The library contains a use-after-free bug in the fctxstoptimer function in the lib/dns/resolver.c file, allowing a malicious user to pass a DNS packet to cause an assertion failure and crash the application...
Denial Of Service (DoS)
redhat certificatesystem is vulnerable to denial of service. An input validation error was found in Red Hat Certificate System's handling of client-provided certificates. If the certreq field is not present in a certificate, an assertion error is triggered, causing a denial of service...
Denial Of Service (DoS)
bind is vulnerable to denial of service (DoS) attacks. The vulnerability exists as ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record...
Denial Of Service (DoS)
libyaml is vulnerable to denial of service (DoS) attacks. The vulnerability exists as scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving...
Denial Of Service (DoS)
openldap is vulnerable to denial of service. An assertion failure and daemon exit occurs in slapd when an LDAP search query with attrsOnly set to true returns empty attributes. This allows a remote attacker to exploit the vulnerability to crash the process...
WebKit Assertion Failure Vulnerability in Multiple Apple Products (CNVD-2019-04712)
Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...
WebKit Assertion Failure Vulnerability in Multiple Apple Products (CNVD-2019-04706)
Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...
WebKit Assertion Failure Vulnerability in Multiple Apple Products (CNVD-2019-04707)
Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...
DEBIAN-CVE-2018-4213
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks...
DEBIAN-CVE-2018-4212
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks...
DEBIAN-CVE-2018-4207
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request...
MGASA-2019-0028 Updated krb5 packages fix security vulnerability
An authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request (CVE-2018-20217)...
Updated krb5 packages fix security vulnerability
An authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request (CVE-2018-20217)...
Updated live, ffmpeg, mplayer, and vlc packages fix security vulnerabilities
A bug in the server implementation of RTSP-over-HTTP in live could allow a denial-of-service attack. A bug in the server implementation of RTSP-over-HTTP could allow a buffer overflow, which could result in the execution of arbitrary code when parsing a malformed RTSP stream (CVE-2018-4013). The...
Internet Bug Bounty: ZeroMQ libzmq remote code execution
Bug report and exploit: https://github.com/zeromq/libzmq/issues/3351 Fix by me: https://github.com/zeromq/libzmq/pull/3353 My motive for full disclosure is as follows: Is it true that it is not safe to use ZeroMQ over the internet because it will crash? Earlier versions of the ZeroMQ library befo...
Design/Logic Flaw
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in FileSpec.cc in pdfdetach...
DEBIAN-CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in FileSpec.cc in pdfdetach...