Code injection

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service assertion failure and daemon restart via a zero DH g^x value in a KE payload in a IKE packet...

CVE-2015-3240

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service assertion failure and daemon restart via a zero DH g^x value in a KE payload in a IKE packet...

CVE-2006-4095

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service crash via certain SIG queries, which cause an assertion failure when multiple RRsets are returned...

CVE-2006-5779

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service daemon crash via LDAP BIND requests with long authcid names, which triggers an assertion failure...

Network Time Protocol Daemon decodenetnum Assertion Failure (CVE-2015-7855)

A denial-of-service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to an assertion failure that can occur in decodenetnum when NTPD receives certain crafted packets. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP...

Mac OS X : OS X Server < 5.0.15 Multiple Vulnerabilities

The remote Mac OS X host has a version of OS X Server installed that is prior to 5.0.15. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists due to an assertion flaw that is triggered when parsing malformed DNSSEC keys. An unauthenticated, remo...

CVE-2015-7855

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value...

ntp -- 13 low- and medium-severity vulnerabilities

ntp.org reports: NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK Cisco ASIG...

Mageia: Security Advisory (MGASA-2015-0341)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache Subversion 1.7.x < 1.7.20 / 1.8.x < 1.8.12 Multiple Vulnerabilities

Binary data 8972.prm...

OpenLDAP ber_get_next Denial of Service (CVE-2015-6908)

A denial of service condition has been reported in OpenLDAP. The vulnerability is due to an obsolete assertion failure in bergetnext. A remote user can exploit this vulnerability by sending a crafted BER message to the target server. A successful exploitation will cause a denial of service...

Oracle: Security Advisory (ELSA-2012-0899)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The depth of investigation of CVE-2 0 1 5-5 4 7 7&CloudFlare Virtual DNS how to protect their users-vulnerability warning-the black bar safety net

Last week, the ISC released a patch that fixes the BIND9 DNS server in a remote exploit the vulnerability. This exploit will cause the server during the processing of a data packet when the occurrence of a crash. ! The announcement pointed out, the server in the processing TKEY the type of the...

OpenLDAP 2.4.42 - ber_get_next Denial of Service Vulnerability

OpenLDAP versions 2.4.42 and below suffer from a remote denial of service vulnerability. Exploit Title: OpenLDAP 2.4.42 bergetnext DOS Date: 11/09/15 Exploit Author: Denis Andzakovic Vendor Homepage: http://www.openldap.org/ Software Link:...

CVE-2015-6908

The bergetnext function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd...

ISC BIND 9.0.x < 9.9.7-P3 / 9.10.x < 9.10.2-P4 Multiple DoS

According to its self-reported version number, the installation of ISC BIND running on the remote name server is potentially affected by the following vulnerabilities : - A denial of service vulnerability exists due to an assertion flaw that is triggered when parsing malformed DNSSEC keys. An...

Scientific Linux Security Update : subversion on SL7.x x86_64 (20150908)

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...

subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash...

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

MGASA-2015-0341 Updated bind packages fix security vulnerabilities

Updated bind packages fix security vulnerability: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from ...