7005 matches found

Check Point Advisories
added 2015/04/06 12:0 a.m. | 3 views

Apache Qpid Session.gap Denial of Service - ver 2 (CVE-2015-0203)

A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...

CVSS 4 | AI score 4.2 | EPSS 0.16987
Exploits 0

Check Point Advisories
added 2015/04/06 12:0 a.m. | 3 views

Apache Qpid Session.gap Denial of Service (CVE-2015-0203)

A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...

CVSS 4 | AI score 4.6 | EPSS 0.16987
Exploits 0

OpenVAS
added 2015/04/06 12:0 a.m. | 28 views

Debian Security Advisory DSA 3216-1 (tor - security update)

Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system: CVE-2015-2928: disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible...

CVSS 3.7 | AI score 7.6 | EPSS 0.00721
Exploits 0 | References 1

OpenVAS
added 2015/04/05 12:0 a.m. | 23 views

Debian: Security Advisory (DSA-3216-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.00721
Exploits 0 | References 3

OSV
added 2015/04/02 12:57 p.m. | 5 views

SUSE-SU-2015:0776-1 Security update for subversion

Apache Subversion was updated to fix three vulnerabilities. The following vulnerabilities were fixed: Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests (bsc#923793, CVE-2015-0202). Subversion mod_dav_svn and svnser...

CVSS 7.8 | AI score 9.6 | EPSS 0.15803
Exploits 0 | References 7

FreeBSD
added 2015/03/31 12:0 a.m. | 35 views

subversion -- DoS vulnerabilities

Subversion Project reports: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with...

CVSS 7.8 | AI score 6.8 | EPSS 0.15803
Exploits 0 | References 4

Tenable Nessus
added 2015/03/26 12:0 a.m. | 30 views

Debian DLA-127-1 : pyyaml security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash. NOTE: Tenabl...

CVSS 5 | AI score 8.3 | EPSS 0.5763
Exploits 1 | References 3

Tenable Nessus
added 2015/03/26 12:0 a.m. | 22 views

Debian DLA-110-1 : libyaml security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. NOTE: Tenable...

CVSS 5 | AI score 8.3 | EPSS 0.5763
Exploits 1 | References 3

Tenable Nessus
added 2015/03/26 12:0 a.m. | 22 views

Debian DLA-109-1 : libyaml-libyaml-perl security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This update...

CVSS 5 | AI score 8.2 | EPSS 0.5763
Exploits 1 | References 3

Tenable Nessus
added 2015/03/24 12:0 a.m. | 22 views

Debian DSA-3203-1 : tor - security update

Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system. - Jowr discovered that very high DNS query load on a relay could trigger an assertion error. - A relay could crash with an assertion error if a buffer of exactly the wrong...

CVSS 7.5 | AI score 7.4 | EPSS 0.00451
Exploits 0 | References 4

RedHat Linux
added 2015/03/23 8:50 p.m. | 1 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.06036
Exploits 0 | References 6

Debian
added 2015/03/22 8:16 p.m. | 15 views

[SECURITY] [DLA 178-1] tor security update

Package : tor Version : 0.2.4.26-1deb6u1 Several issues have been discovered and fixed in Tor, a connection-based low-latency anonymous communication system. o Jowr discovered that very high DNS query load on a relay could trigger an assertion error. o A relay could crash with an assertion error ...

AI score 7.6
Exploits 0

OpenVAS
added 2015/03/22 12:0 a.m. | 22 views

Debian Security Advisory DSA 3203-1 (tor - security update)

Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system. Jowr discovered that very high DNS query load on a relay could trigger an assertion error. A relay could crash with an assertion error if a buffer of exactly the wrong layo...

AI score 7.5 | EPSS 0.00451
Exploits 0 | References 1

CNVD
added 2015/03/20 12:0 a.m. | 1 views

OpenSSL SSLv2 Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial-of-service vulnerability exists in OpenSSL SSLv2, which can be exploited by a remote attacker via a constructed...

CVSS 5 | AI score 6.9 | EPSS 0.06036
Exploits 0 | References 1

Prion
added 2015/03/19 10:59 p.m. | 19 views

Design/Logic Flaw

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message...

CVSS 5 | AI score 6.9 | EPSS 0.06036
Exploits 0 | References 54 | Affected Software 1

OpenVAS
added 2015/03/17 12:0 a.m. | 331 views

Apache Axis2 <= 1.6.2 Multiple Vulnerabilities

Apache Axis2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE = "cpe:/a:apache:axis2"; if...

CVSS 6.4 | AI score 8.6 | EPSS 0.00493
Exploits 2 | References 3

RedHat Linux
added 2015/03/11 4:51 p.m. | 3 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

CVSS 5 | AI score 5.8 | EPSS 0.0249
Exploits 0 | References 4

UbuntuCve
added 2015/03/08 2:59 a.m. | 38 views

CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector...

CVSS 5 | AI score 6.4 | EPSS 0.00303
Exploits 0 | References 2

Cvelist
added 2015/03/08 2:0 a.m. | 29 views

CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector...

AI score 5.2 | EPSS 0.00303
Exploits 0 | References 8

RedHat Linux
added 2015/03/05 7:9 a.m. | 1 views

pcre: incorrect handling of zero-repeat assertion conditions

A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions...

CVSS 5 | AI score 6.8 | EPSS 0.02057
Exploits 0 | References 4