ISC BIND apl_42.c INSIST Assertion Failure Denial of Service (CVE-2015-8704)

A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to an error in string format operations that causes the BIND daemon to exit with an INSIST assertion failure when processing certain records. A remote attacker could exploit this vulnerability...

DNS BIND server vulnerability, which allows attackers to cause service failures or exert other effects

The vulnerability of the DNS BIND server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures or other adverse effects, such as the appearance of an error message indicating “Assertion failure” or the termination ...

DNS BIND server vulnerability, allowing attackers to cause service failures

The vulnerability of the DNS BIND server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause a service failure—such as the appearance of an error message “Assertion failure” or the termination of the daemon—by using a specially...

ISC BIND 9.9.8-Sx < 9.9.8-S5 REQUIRE Assertion DoS

According to its self-reported version number, the version of BIND 9 Supported Preview Edition running on the remote host is version 9.9.8-Sx prior to 9.9.8-S5. It is, therefore, affected by a denial of service vulnerability due to a flaw in file rdataset.c related to handling flag values in...

RHEL 6 : bind (RHSA-2016:0078)

"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0078 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named C...

RedHat Update for qemu-kvm RHSA-2016:0083-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : qemu-kvm (RHSA-2016:0083)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0083 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the...

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20160128)

An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with...

Important: Red Hat Security Advisory: qemu-kvm security and bug fix update

Updated qemu-kvm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

bind: responses with a malformed class attribute can trigger an assertion failure in db.c

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...

bind: TKEY query handling flaw leading to denial of service

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet...

F5 Networks BIG-IP : BIND vulnerability (SOL14601)

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query for an AAAA record. C Tenable...

ISC BIND 9.3.0 < 9.9.8-P3 / 9.9.x-Sx < 9.9.8-S4 / 9.10.x < 9.10.3-P3 Multiple DoS

According to its self-reported version number, the installation of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists due to improper handling of certain string formatting options. An authenticated,...

CVE-2015-8704

apl42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service INSIST assertion failure and daemon exit via a malformed Address Prefix List APL record...

wireshark-gtk: denial of service

CVE-2015-8742 denial of service The dissectCPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service memory consumption or application crash via a...

CVE-2015-8739

The ipmifmtudpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service assertion failure and application exit via a crafted packet...

CVE-2015-8739

The ipmifmtudpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service assertion failure and application exit via a crafted packet...

lldp 'assert()' function denial of service vulnerability

lldp Link Layer Discovery Protocol is a link layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. A denial of service vulnerability exists in lldp. An attacker could exploit this vulnerability to crash the daemon and deny...

The vulnerability of the Firefox browser, which allows a violator to trigger a service failure

The vulnerability in the implementation of the HTTP/2 protocol in Firefox browsers arises from the loss of precision in calculations. Exploiting this vulnerability allows a malicious actor to cause a service failure—the appearance of an error message indicating “Assertion failure” or an emergency...

Mozilla Firefox Denial of Service Vulnerability (CNVD-2015-08319)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the HTTP/2 implementation of Mozilla Firefox prior to version 43.0. A remote attacker can exploit this vulnerability to cause a denial of service integer...