CVE-2009-2085

The Security component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans E...

CVE-2009-2085

CVE-2009-2085 affects IBM WebSphere Application Server 6.1 (before 6.1.0.25) and 7.0 (before 7.0.0.5). The vulnerability arises from improper handling of Identity Assertion when CSIv2 Security is used, allowing remote attackers to bypass intended CSIv2 access restrictions via vectors involving En...

CVE-2009-2664

The jswatchset function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service assertion failure and application exit or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE:...

FreeBSD : BIND -- Dynamic update message remote DoS (83725c91-7c7e-11de-9672-00e0815b8da8)

When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type 'ANY' and at least one resource record set RRset for this fully qualified domain...

bind security update

CentOS Errata and Security Advisory CESA-2009:1180 Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BI...

RHEL 3 : bind (RHSA-2009:1181)

"Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System...

bind security update

CentOS Errata and Security Advisory CESA-2009:1181 Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BI...

bind, caching security update

CentOS Errata and Security Advisory CESA-2009:1179 Updated bind packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 29th July 2009 The packages in this...

Important: Red Hat Security Advisory: bind security and bug fix update

Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System D...

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

Design/Logic Flaw

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

CVE-2009-0696

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

BIND -- Dynamic update message remote DoS

Problem Description: When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set RRset for this...

Memory corruption

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 the frame chain and synchronous events, 2 a SetMayHaveFrame assertion and...

openSUSE Security Update : openldap2 (openldap2-145)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 25 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - An error in Single Sign-on SSO with SPNEGO implementation could allow a remote...

Memory corruption

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 jsLeaveSharpObject, 2...

Quagga Denial of Service Vulnerability

Quagga for Linux is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1788-1 : quagga - improper assertion

It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service. %NASLMINLEVEL...