7005 matches found

UbuntuCve
added 2014/07/09 12:0 a.m., 33 views

CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file...

CVSS 6.5, AI score 7.1, EPSS 0.09152
Exploits: 0, References: 3
seebug.org
added 2014/07/01 12:0 a.m., 21 views

reSIProcate 1.3.2 - Remote Denial of Service PoC

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS in reSIProcate MU-200807-01 July 10, 2008 http://labs.mudynamics.com/advisories.html Affected Products/Versions: repro SIP proxy/registrar 1.3.2 http://www.resiprocate.org/ReSIProcate1.3.2Release Any produ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Sun Java Runtime Environment 1.4.x Font Object Assertion Failure Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10623/info The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 36 views

Avahi < 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit

No description provided by source. / cve-2008-5081.c Avahi mDNS Daemon Remote DoS 0.6.24 Jon Oberheide [email protected] http://jon.oberheide.org Usage: gcc cve-2008-5081.c -ldnet -o cve-2008-5081 ./cve-2008-5081 1.2.3.4 Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5081...

CVSS 5, EPSS 0.77078
Exploits: 7
RedHat Linux
added 2014/06/26 3:11 p.m., 4 views

CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...

CVSS 4.3, AI score 7.3, EPSS 0.01861
Exploits: 0, References: 4
RedHat Linux
added 2014/06/26 3:0 p.m., 3 views

CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...

CVSS 4.3, AI score 7.3, EPSS 0.01861
Exploits: 0, References: 4
Hacker One
added 2014/06/18 10:31 p.m., 22 views

Internet Bug Bounty: Cross-site information assertion leak via Content Security Policy

It is possible to test for the satisfaction of certain assertions across origins by abuse of Content Security Policy. These could be assertions such as 'is the client logged into this website', or 'is the client logged in as this user', or 'does the client have access to these panels'. This gener...

AI score 6.6
Exploits: 0
NVD
added 2014/06/17 2:55 p.m., 26 views

CVE-2014-4045

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device...

CVSS 4.3, AI score 6.5, EPSS 0.01637
Exploits: 0, References: 3
UbuntuCve
added 2014/06/17 2:55 p.m., 41 views

CVE-2014-4045

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device...

CVSS 4.3, AI score 5.9, EPSS 0.01637
Exploits: 0, References: 2
Tenable Nessus
added 2014/06/13 12:0 a.m., 41 views

openSUSE Security Update : openssl (openSUSE-2012-52)

openssl was prone to several security issues : - DTLS Plaintext Recovery Attack CVE-2011-4108 - Uninitialized SSL 3.0 Padding CVE-2011-4576 - Malformed RFC 3779 Data Can Cause Assertion Failures CVE-2011-4577 - SGC Restart DoS Attack CVE-2011-4619 - Invalid GOST parameters DoS Attack CVE-2012-002...

CVSS 5, AI score 7.5, EPSS 0.03163
Exploits: 0, References: 6
Tenable Nessus
added 2014/06/13 12:0 a.m., 29 views

openSUSE Security Update : krb5 (openSUSE-SU-2011:1169-1)

The following issues have been fixed : - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a NULL pointer dereference. Both bugs could be triggered by unauthenticated remote...

CVSS 7.8, AI score 6.2, EPSS 0.05459
Exploits: 0, References: 5
Tenable Nessus
added 2014/06/13 12:0 a.m., 21 views

openSUSE Security Update : subversion (openSUSE-SU-2013:1860-1)

This update fixes the following issues with subversion : - bnc#850747: update to 1.7.14 - CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients. - CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits. + Client- and server-side bugfixes : - fix assertion on url...

CVSS 3.5, AI score 7.7, EPSS 0.01783
Exploits: 0, References: 5
OSV
added 2014/06/11 2:55 p.m., 2 views

DEBIAN-CVE-2014-3970

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet...

CVSS 2.9, AI score 6.8, EPSS 0.00473
Exploits: 1, References: 1
Snyk
added 2014/06/11 2:55 p.m., 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet...

CVSS 3.5, AI score 6.8, EPSS 0.00473
Exploits: 1, References: 2
UbuntuCve
added 2014/06/11 2:55 p.m., 20 views

CVE-2014-3970

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet...

CVSS 2.9, AI score 6.1, EPSS 0.00473
Exploits: 1, References: 2
Prion
added 2014/06/11 2:55 p.m., 15 views

Design/Logic Flaw

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet...

CVSS 2.9, AI score 6.9, EPSS 0.00473
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2014/06/11 2:0 p.m., 48 views

CVE-2014-3970

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet...

AI score 5.3, EPSS 0.00473
Exploits: 1, References: 7
RedHat Linux
added 2014/06/03 4:16 p.m., 1 views

squid: denial of service when using SSL-Bump

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management...

CVSS 5, AI score 7.4, EPSS 0.54968
Exploits: 1, References: 5
Tenable Nessus
added 2014/05/10 12:0 a.m., 11 views

ISC BIND 9.10.0 / 9.10.0-P1 named Assertion Failure DoS

Binary data 8313.prm...

CVSS 5, AI score 7.3, EPSS 0.29819
Exploits: 0, References: 3
NVD
added 2014/05/09 1:55 a.m., 31 views

CVE-2014-3214

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes...

CVSS 5, AI score 6.4, EPSS 0.11256
Exploits: 0, References: 3