7005 matches found

OSV
added 2015/09/02 12:0 a.m., 0 views

UBUNTU-CVE-2015-5722

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone...

CVSS: 7.8, AI score: 6.9, EPSS: 0.58903
Exploits: 0, References: 4

FreeBSD Advisory
added 2015/09/02 12:0 a.m., 20 views

FreeBSD-SA-15:23.bind

FreeBSD-SA-15:23.bind Security Advisory, The FreeBSD Project. Topic: BIND remote denial of service vulnerability. Category: contrib. Module: bind. Announced: 2015-09-02. Credits...

CVSS: 7.8, AI score: 6.9, EPSS: 0.58903
Exploits: 0

Tenable Nessus
added 2015/08/26 12:0 a.m., 26 views

Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2015-587)

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. (CVE-2015-0202) An assertion failure flaw was found in the way the SVN server...

CVSS: 7.8, AI score: 8, EPSS: 0.15803
Exploits: 0, References: 4

Amazon
added 2015/08/24 12:0 a.m., 44 views

Medium: subversion, mod_dav_svn

Issue Overview: The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. (CVE-2015-0202) An assertion failure flaw was found in the way...

CVSS: 7.8, AI score: 8.5, EPSS: 0.15803
Exploits: 0

exploitpack
added 2015/08/19 12:0 a.m., 14 views

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...

Exploits: 0

0day.today
added 2015/08/19 12:0 a.m., 49 views

Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Exploit

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrar...

CVSS: 10, AI score: 9.6, EPSS: 0.51905
Exploits: 1

Exploit DB
added 2015/08/19 12:0 a.m., 27 views

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corrupti...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2015/08/18 12:0 a.m., 31 views

AIX 5.3 TL 12 : bind9 (IV75966)

ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text in the...

CVSS: 7.8, AI score: 6.8, EPSS: 0.92376
Exploits: 12, References: 2

Tenable Nessus
added 2015/08/18 12:0 a.m., 27 views

Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817)

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the...

CVSS: 5, AI score: 7, EPSS: 0.15803
Exploits: 0, References: 4

OpenVAS
added 2015/08/18 12:0 a.m., 24 views

CentOS Update for mod_dav_svn CESA-2015:1633 centos6

Check the version of mod_dav_svn. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882252");...

CVSS: 5, AI score: 7.1, EPSS: 0.15803
Exploits: 0, References: 2

OpenVAS
added 2015/08/18 12:0 a.m., 31 views

RedHat Update for subversion RHSA-2015:1633-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS: 5, AI score: 8.3, EPSS: 0.15803
Exploits: 0, References: 2

NVD
added 2015/08/17 8:59 p.m., 31 views

CVE-2015-6254

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...

CVSS: 6, AI score: 5.9, EPSS: 0.00578
Exploits: 0, References: 6

NVD
added 2015/08/17 8:59 p.m., 18 views

CVE-2015-0277

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...

CVSS: 6, AI score: 5.6, EPSS: 0.00536
Exploits: 0, References: 6

Prion
added 2015/08/17 8:59 p.m., 21 views

Code injection

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...

CVSS: 6, AI score: 7.4, EPSS: 0.00578
Exploits: 0, References: 6, Affected Software: 1

Prion
added 2015/08/17 8:59 p.m., 24 views

Design/Logic Flaw

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...

CVSS: 6, AI score: 6.7, EPSS: 0.00578
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2015/08/17 8:0 p.m., 27 views

CVE-2015-6254

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...

AI score: 5.9, EPSS: 0.00578
Exploits: 0, References: 6

Cvelist
added 2015/08/17 8:0 p.m., 29 views

CVE-2015-0277

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...

AI score: 5.6, EPSS: 0.00536
Exploits: 0, References: 6

CVE
added 2015/08/17 8:0 p.m., 62 views

CVE-2015-0277

CVE-2015-0277 affects Red Hat JBoss PicketLink (SP/IdP) prior to 2.7.0. The flaw is failure to ensure the SP is a member of an Audience when an AudienceRestriction is specified, enabling a remote attacker to log in to other users’ accounts via a crafted SAML assertion. Related issue CVE-2015-6254...

CVSS: 6, AI score: 6.3, EPSS: 0.00536
Exploits: 0, References: 6, Affected Software: 1

RedHat Linux
added 2015/08/17 8:10 a.m., 0 views

subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash...

CVSS: 5, AI score: 7.4, EPSS: 0.15803
Exploits: 0, References: 5

RedHat Linux
added 2015/08/17 8:10 a.m., 34 views

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...

CVSS: 5, AI score: 6.8, EPSS: 0.15803
Exploits: 0, References: 7