7011 matches found

Positive Technologies
added 2017/05/01 12:0 a.m. · 3 views

PT-2017-18298 · Underbit Technologies +1 · Libmad +1

Name of the Vulnerable Software and Affected Versions: libmad version 0.15.1b. Description: The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit, via a crafted audio file. This is related to the mad_layer_III function in layer3.c,...

7.8 CVSS · 5.8 AI score · 0.02538 EPSS
Exploits: 3 · References: 31

Tenable Nessus
added 2017/05/01 12:0 a.m. · 39 views

EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1056)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of...

7.5 CVSS · 7.6 AI score · 0.35265 EPSS
Exploits: 0 · References: 6

Tenable Nessus
added 2017/05/01 12:0 a.m. · 29 views

EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1025)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this fla...

7.5 CVSS · 6.7 AI score · 0.56872 EPSS
Exploits: 0 · References: 5

FreeBSD
added 2017/04/30 12:0 a.m. · 24 views

libmad -- multiple vulnerabilities

National Vulnerability Database: CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. CVE-2017-8373: The mad_layer_III function ...

7.8 CVSS · 5.5 AI score · 0.02538 EPSS
Exploits: 3 · References: 7

ArchLinux
added 2017/04/29 12:0 a.m. · 30 views

[ASA-201704-11] bind: denial of service

Arch Linux Security Advisory ASA-201704-11
==========================================

Severity: High
Date    : 2017-04-29
CVE-ID  : CVE-2017-3136 CVE-2017-3137 CVE-2017-3138
Package : bind
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-239

Summary
=======

The package...

7.5 CVSS · 1.2 AI score · 0.16242 EPSS
Exploits: 0 · References: 7

Tenable Nessus
added 2017/04/28 12:0 a.m. · 60 views

Amazon Linux AMI : bind (ALAS-2017-826)

A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. CVE-2017-3137 A denial ...

7.5 CVSS · 6.7 AI score · 0.16242 EPSS
Exploits: 0 · References: 3

CNVD
added 2017/04/27 12:0 a.m. · 3 views

NetIQ Access Manager Cross-Site Scripting Vulnerability (CNVD-2017-06744)

NetIQ Access Manager provides a simple, secure, and scalable solution for handling Web access requirements. A cross-site scripting vulnerability exists in the AssertionConsumerServiceURL field of a signed AuthnRequest in the samlp:AuthnRequest document for NetIQ Access Manager. A remote attacker...

6.1 CVSS · 6.2 AI score · 0.00669 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2017/04/21 12:0 a.m. · 40 views

Amazon Linux AMI : GraphicsMagick (ALAS-2017-820)

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. CVE-2017-6335 The WPG format reader in GraphicsMagick 1.3.2...

9.8 CVSS · 7.7 AI score · 0.03905 EPSS
Exploits: 0 · References: 9

Tenable Nessus
added 2017/04/21 12:0 a.m. · 44 views

Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170420)

Security Fixes : - A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

7.5 CVSS · 6.7 AI score · 0.16242 EPSS
Exploits: 0 · References: 3

OSV
added 2017/04/20 6:59 p.m. · 2 views

CVE-2017-5183

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document...

6.1 CVSS · 5.8 AI score · 0.00669 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2017/04/20 6:59 p.m. · 4 views

CVE-2016-7540

coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format...

6.5 CVSS · 5.6 AI score · 0.02771 EPSS
Exploits: 0 · References: 7

Amazon
added 2017/04/20 12:0 a.m. · 42 views

Medium: GraphicsMagick

Issue Overview: The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. CVE-2017-6335 The WPG format reader in...

9.8 CVSS · 8.1 AI score · 0.03905 EPSS
Exploits: 0

RedHat Linux
added 2017/04/19 6:28 a.m. · 84 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5 CVSS · 6.8 AI score · 0.16242 EPSS
Exploits: 0 · References: 5

RedhatCVE
added 2017/04/13 6:18 a.m. · 25 views

CVE-2017-3138

A denial of service flaw was found in the way BIND processed control channel commands. A remote attacker with access to the BIND control channel could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted command...

6.5 CVSS · 2.9 AI score · 0.09722 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2017/04/13 5:48 a.m. · 26 views

CVE-2017-3136

A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. Mitigation Servers which have...

5.9 CVSS · 3.1 AI score · 0.16242 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2017/04/13 12:0 a.m. · 32 views

FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c)

ISC reports : A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...

7.5 CVSS · 6.6 AI score · 0.16242 EPSS
Exploits: 0 · References: 7

Tenable Nessus
added 2017/04/13 12:0 a.m. · 44 views

SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1)

This update for bind fixes the following issues: CVE-2017-3137 bsc1033467: Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion...

7.5 CVSS · 6.7 AI score · 0.63346 EPSS
Exploits: 1 · References: 17

BDU FSTEC
added 2017/04/13 12:0 a.m. · 4 views

The vulnerability of the OpenBSD operating system, which allows a hacker to trigger a service failure

The vulnerability of the OpenBSD operating system is related to errors in number processing. Exploiting this vulnerability allows a malicious actor, operating locally, to cause a service failure, i.e., the appearance of an “Assertion failure” window and a kernel error. This occurs by using a large...

4.9 CVSS · 5.8 AI score · 0.00429 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

UbuntuCve
added 2017/04/12 12:0 a.m. · 30 views

CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND...

7.5 CVSS · 6.9 AI score · 0.14572 EPSS
Exploits: 0 · References: 3

FreeBSD
added 2017/04/12 12:0 a.m. · 30 views

BIND -- multiple vulnerabilities

ISC reports: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...

7 AI score
Exploits: 0 · References: 3