7037 matches found
AZL-46984 CVE-2024-4076 affecting package bind for versions less than 9.16.50-1
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
ALPINE-CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
CVE-2024-4076 Assertion failure when serving both stale cache data and authoritative zone content
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
CVE-2024-4076
CVE-2024-4076: ISC BIND can trigger an assertion failure when serving both stale cache data and authoritative zone content. Affects multiple BIND 9 releases (e.g., 9.16.13–9.16.50, 9.18.0–9.18.27, 9.19.0–9.19.24 and corresponding S1 variants; see references). Consequence is denial of service via ...
CVE-2024-4076 Assertion failure when serving both stale cache data and authoritative zone content
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
...
UBUNTU-CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
ISC BIND 安全漏洞
ISC BIND is an ISC open source suite of open source software that implements the DNS protocol. A security vulnerability exists in ISC BIND 9, which stems from an assertion failure when both stale cached data and authoritative zone content are provided...
Amazon Linux 2 : libreswan (ALAS-2024-2596)
The version of libreswan installed on the remote host is prior to 3.25-4.8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2596 advisory. The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. Wh...
Medium: libreswan
Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...
PT-2024-5029 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 through 4.18.2.1 Apache CloudStack versions 4.19.0.0 through 4.19.0.2 Description: The issue is related to the SAML authentication mechanism in Apache CloudStack, which does not enforce signature checks when...
FAS raises error "Server [*****$] is not authorized to assert identities using rule
After clicking the icon, the APP launch fails with following event log on FAS server Log Name: Application Source: Citrix.Authentication.FederatedAuthenticationService Date: 7/12/1999 10:10:04 AM Event ID: 101 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: FASTEST.fasS.c...
SUSE CVE-2022-48810
In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip6mrfreetable on failure path ip6mrfreetable can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c 10367 WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367...
CVE-2022-48810
In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip6mrfreetable on failure path ip6mrfreetable can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c 10367 WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367...
CVE-2022-48810
In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip6mrfreetable on failure path ip6mrfreetable can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c 10367 WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367...
CVE-2022-48810
In CVE-2022-48810, the Linux kernel fixes a RTNL lock handling issue in IPv4/IPv6 multicast code: ipmr and ip6mr_free_table() could be called on the failure path without proper RTNL protection. The patch ensures RTNL is held before freeing mroute tables, preventing an assertion failure observed i...
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the allowedCredentials property i...
GHSA-875X-G8P7-5W27 The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the allowedCredentials property i...