Lucene search
7041 matches found

ATTACKERKB
added 2017/04/20 6:59 p.m. | 4 views

CVE-2016-7540

coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service assertion failure by converting an image to rgf format...

CVSS 6.5 | AI score 5.6 | EPSS 0.02771
Exploits: 0 | References: 7
Amazon
added 2017/04/20 12:0 a.m. | 43 views

Medium: GraphicsMagick

Issue Overview: The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service out-of-bounds read and application crash via a small samples per pixel value in a CMYKA TIFF file. CVE-2017-6335 The WPG format reader in...

CVSS 9.8 | AI score 8.1 | EPSS 0.03905
Exploits: 0
RedHat Linux
added 2017/04/19 6:28 a.m. | 85 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.8 | EPSS 0.11093
Exploits: 0 | References: 5
RedhatCVE
added 2017/04/13 6:18 a.m. | 26 views

CVE-2017-3138

A denial of service flaw was found in the way BIND processed control channel commands. A remote attacker with access to the BIND control channel could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted command...

CVSS 6.5 | AI score 2.9 | EPSS 0.05478
Exploits: 0 | References: 2
RedhatCVE
added 2017/04/13 5:48 a.m. | 27 views

CVE-2017-3136

A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. Mitigation Servers which have...

CVSS 5.9 | AI score 3.1 | EPSS 0.11093
Exploits: 0 | References: 2
BDU FSTEC
added 2017/04/13 12:0 a.m. | 8 views

The vulnerability of the OpenBSD operating system, which allows a hacker to trigger a service failure

The vulnerability of the OpenBSD operating system is related to errors in number processing. Exploiting this vulnerability allows a malicious actor, operating locally, to cause a service failure—i.e., the appearance of an “Assertion failure” window and a kernel error. This occurs by using a large...

CVSS 4.9 | AI score 5.8 | EPSS 0.00429
Exploits: 1 | References: 6 | Affected Software: 1
Tenable Nessus
added 2017/04/13 12:0 a.m. | 44 views

SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1)

This update for bind fixes the following issues: CVE-2017-3137 bsc1033467: Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion...

CVSS 7.5 | AI score 6.7 | EPSS 0.63346
Exploits: 1 | References: 17
Tenable Nessus
added 2017/04/13 12:0 a.m. | 32 views

FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c)

ISC reports: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...

CVSS 7.5 | AI score 6.6 | EPSS 0.11093
Exploits: 0 | References: 7
OSV
added 2017/04/12 12:0 a.m. | 1 views

UBUNTU-CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND...

CVSS 7.5 | AI score 6.9 | EPSS 0.08902
Exploits: 0 | References: 4
UbuntuCve
added 2017/04/12 12:0 a.m. | 32 views

CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND...

CVSS 7.5 | AI score 6.9 | EPSS 0.08902
Exploits: 0 | References: 3
FreeBSD
added 2017/04/12 12:0 a.m. | 31 views

BIND -- multiple vulnerabilities

ISC reports: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other...

AI score 7
Exploits: 0 | References: 3
OSV
added 2017/04/09 2:59 p.m. | 2 views

CVE-2017-7605

aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

CVSS 7.8 | AI score 5.9 | EPSS 0.01506
Exploits: 1 | References: 2
NVD
added 2017/04/09 2:59 p.m. | 12 views

CVE-2017-7605

aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

CVSS 7.8 | AI score 8 | EPSS 0.01506
Exploits: 1 | References: 2
Prion
added 2017/04/09 2:59 p.m. | 14 views

Design/Logic Flaw

aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

CVSS 6.8 | AI score 8 | EPSS 0.01506
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2017/04/09 2:0 p.m. | 59 views

CVE-2017-7605

CVE-2017-7605 affects HE-AAC+ Codec (libaacplus) 2.0.2, with an assertion failure in aacplusenc.c that could allow a crafted audio file to cause a denial of service (application crash). Connected sources confirm the same issue and note related 7603/7604 variants exist in the same library. No publ...

CVSS 7.8 | AI score 8 | EPSS 0.01506
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2017/04/09 2:0 p.m. | 17 views

CVE-2017-7605

aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

AI score 8.1 | EPSS 0.01506
Exploits: 1 | References: 2
CNVD
added 2017/03/27 12:0 a.m. | 4 views

NetIQ Access Manager Information Disclosure Vulnerability

NetIQ Access Manager provides a simple, secure, and scalable solution to handle all Web access needs. The SAML2 implementation of the Identity Server in NetIQ Access Manager fails to properly handle unsigned SAML requests, allowing an attacker to disclose the results to a potentially malicious...

CVSS 7.5 | AI score 6.7 | EPSS 0.0109
Exploits: 0 | References: 1
Hacker One
added 2017/03/25 8:15 a.m. | 18 views

shopify-scripts: SIGABRT in mrb_debug_info_append_file

PoC ------------------- The following code triggers the bug attached as testmrbdebuginfoappendfile.rb: i""do"".+end mirb ------------------- x@x:/Desktop/test/mruby/bin$ ./mirb testmrbdebuginfoappendfile.rb mirb - Embeddable Interactive Ruby Shell mirb: /home/x/Desktop/test/mruby/src/debug.c:136:...

AI score 0.7
Exploits: 0
Hacker One
added 2017/03/24 2:38 p.m. | 19 views

shopify-scripts: Garbage collector crash

This github issue-tt != MRBTTFREE' failed. Aborted The issue was reintroduced in ecee8c51b0ad8cddd9e422a3e5105f902d7e2781 and is still present in 051e40c0493f2de332f5439e3230c9fe6958bf1a. The issue is fixed by reverting ecee8c51b0ad8cddd9e422a3e5105f902d7e2781. Thank you, Dinko Galetic Denis Kasa...

AI score 0.4
Exploits: 0
NVD
added 2017/03/23 6:59 p.m. | 16 views

CVE-2016-9399

The calcstepsizes function in jpcdec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.03757
Exploits: 0 | References: 8