Debian: Security Advisory (DSA-3746-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : squid on SL7.x x86_64 (20161103)

The following packages have been upgraded to a newer upstream version: squid 3.5.20. Security Fixes : - Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid usi...

MariaDB 10.1.0 < 10.1.18 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.1.18. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.18 advisory. - Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before...

Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption (MS16-068)

Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption MS16-068 Source: http://blog.skylined.nl/20161205001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I...

PT-2017-12377 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.11 Description: The issue allows privileged KVM guest OS users to cause a denial of service, leading to an assertion failure and host OS crash, by accessing the Performance Monitors Cycle Count Register...

shopify-scripts: Crash: Initialize Decimal with itself triggers an assertion

When Decimal is initialized with itself, a new empty mpdt will be created. To fill it with a value, tos of the current instance is called, which accesses the empty mpdt. This triggers an assertion, which leads to a crash. Patch I've created and attached a simple patch which just returns self when...

LibTIFFtif_predict.h/tif_predict.c Buffer Overflow Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A buffer overflow vulnerability exists in libtiff version 4.0.6 in tifpredict.h/tifpredict.c...

CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

DEBIAN-CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

UBUNTU-CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

CVE-2016-9397

The jpcdequantize function in jpcdec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...

CVE-2016-9395

The jasseq2dcreate function in jasseq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service assertion failure via a crafted file...

CVE-2016-9399

The calcstepsizes function in jpcdec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...

CVE-2016-9388

The rasgetcmap function in rasdec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service assertion failure via a crafted image file...

Amazon Linux AMI : bind (ALAS-2016-768)

A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. C Tenable Network Security, Inc. The descriptive text and package...

AIX 5.3 TL 12 : bind (IV90056) (deprecated)

https://vulners.com/cve/CVE-2016-2776 https://vulners.com/cve/CVE-2016-2776 ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building responses to a specifically constructed request. By sending a specially crafted DNS packet, a remote...

AIX 6.1 TL 9 : bind (IV89828) (deprecated)

https://vulners.com/cve/CVE-2016-2776 https://vulners.com/cve/CVE-2016-2776 ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building responses to a specifically constructed request. By sending a specially crafted DNS packet, a remote...

AIX 7.1 TL 3 : bind (IV89830) (deprecated)

https://vulners.com/cve/CVE-2016-2776 https://vulners.com/cve/CVE-2016-2776 ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building responses to a specifically constructed request. By sending a specially crafted DNS packet, a remote...