7041 matches found
ISC BIND 9.16.12 < 9.16.37 / 9.16.12-S1 < 9.16.37-S1 / 9.18.0 < 9.18.11 / 9.19.0 < 9.19.9 Assertion Failure (cve-2022-3924)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2022-3924 advisory. - This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option...
CVE-2022-3488
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...
ISC BIND 9.11.4-S1 < 9.16.37-S1 / 9.16.8-S1 < 9.16.37-S1 Assertion Failure (cve-2022-3488)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2022-3488 advisory. - Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is...
Fedora 37 : redis (2023-fbfe7a6cfe)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-fbfe7a6cfe advisory. Redis 7.0.8 Released Mon Jan 16 12:00:00 IDT 2023 Security Fixes: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORTRO commands can...
CVE-2022-3924
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...
CVE-2022-3924 named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...
CVE-2022-3924 named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...
CVE-2022-3924
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...
CVE-2022-3488
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...
CVE-2022-3924
A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service. Mitigation Disabling...
ISC BIND 安全漏洞
ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in BIND versions 9.11.4-S1 through 9.11.37-S1, and 9.16.8-S1 through 9.16.36-S1, which stems from processing duplicate responses to the same query, where both...
PT-2023-13432 · Isc · Bind 9
Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.11.4-S1 through 9.11.37-S1 BIND 9 versions 9.16.8-S1 through 9.16.36-S1 Description: The issue arises when processing repeated responses to the same query, where both responses contain ECS pseudo-options, but the first...
ISC BIND 安全漏洞
ISC BIND is a suite of open source software that implements the DNS protocol from the American company ISC. A security vulnerability exists in BIND versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, and 9.19.0 through 9.19.8, which stems from the fact that if the resolver receives a lot of...
CVE-2022-3924
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...
Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2023-025-01)
The version of bind installed on the remote host is prior to 9.16.37 / 9.18.11. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-025-01 advisory. - BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client- timeout is...
Ubuntu 20.04 LTS / 22.04 LTS : Bind vulnerabilities (USN-5827-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5827-1 advisory. Rob Schulhof discovered that Bind incorrectly handled a large number of UPDATE messages. A remote attacker could possibly use this issue to...
libtiff: Assertion fail in rotateImage() function at tiffcrop.c
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...
libtiff security update
An update is available for libtiff. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...
RHEL 9 : libtiff (RHSA-2023:0302)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0302 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: LibTiff: DoS from...
The vulnerability of the SAML implementation for the application’s single-input module of the Mendix software development and application testing platform allows a perpetrator to gain access to protected information.
The vulnerability of the SAML implementation for application single-sign-on in the Mendix software development and application testing platform relates to insufficient protection of the web page structure. Exploiting this vulnerability could allow a malicious actor to gain access to protected...