Lucene search
K

7041 matches found

OSV
OSV
added 2017/01/11 9:56 p.m.7 views

SUSE-SU-2017:0113-1 Security update for bind

This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. CVE-2016-9131, bsc1018700, bsc1018699 - Fix a potential assertion failure that could have...

7.5CVSS7.5AI score0.40556EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2017/01/11 12:0 a.m.22 views

CVE-2016-9778

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met...

7.5CVSS6.8AI score0.06787EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/01/11 12:0 a.m.56 views

BIND -- multiple vulnerabilities

ISC reports: A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. Depending on the type of query and the EDNS options in the query they receive,...

2AI score
Exploits0References4
OpenVAS
OpenVAS
added 2017/01/11 12:0 a.m.39 views

Debian Security Advisory DSA 3758-1 (bind9 - security update)

Several denial-of-service vulnerabilities assertion failures were discovered in BIND, a DNS server implementation. CVE-2016-9131 A crafted upstream response to an ANY query could cause an assertion failure. CVE-2016-9147 A crafted upstream response with self-contradicting DNSSEC data could cause ...

5CVSS0.7AI score0.40556EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/01/06 12:0 a.m.43 views

ISC BIND 'buffer.c' Assertion Failure Denial of Service Vulnerability - Linux

ISC BIND is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; ifdescription...

7.8CVSS7.7AI score0.89482EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2017/01/06 12:0 a.m.20 views

ISC BIND 'buffer.c' Assertion Failure Denial of Service Vulnerability - Windows

ISC BIND is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; ifdescription...

7.8CVSS7.7AI score0.89482EPSS
Exploits7References2
CNVD
CNVD
added 2017/01/03 12:0 a.m.2 views

ISC BIND 9 db.c Assertion Failure Denial of Service Vulnerability

BIND is a suite of open source software for implementing the DNS protocol. A db.c assertion failure denial of service vulnerability exists in ISC BIND 9. When an authoritative server overrides a zone using the nxdomain-redirect feature, an attacker can cause an assertion failure resulting in a...

7.5CVSS6.8AI score0.06787EPSS
Exploits0References1
CNVD
CNVD
added 2017/01/03 12:0 a.m.1 views

ISC BIND 9 DNSSEC Assertion Failure Denial of Service Vulnerability

ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. A remote denial of service vulnerability exists in ISC BIND named, which can be exploited to cause a denial of service by an attacker who incorrectly...

7.5CVSS6.8AI score0.24602EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/12/27 12:0 a.m.46 views

Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)

Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based...

10CVSS7.5AI score0.97485EPSS
Exploits13References34
OSV
OSV
added 2016/12/23 5:59 a.m.3 views

ALPINE-CVE-2016-7785

The avireadseek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service assert fault via a crafted AVI file...

5.5CVSS6.7AI score0.01299EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/12/23 12:0 a.m.36 views

Debian: Security Advisory (DSA-3746-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.7AI score0.97485EPSS
Exploits13References5
Tenable Nessus
Tenable Nessus
added 2016/12/15 12:0 a.m.45 views

Scientific Linux Security Update : squid on SL7.x x86_64 (20161103)

The following packages have been upgraded to a newer upstream version: squid 3.5.20. Security Fixes : - Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid usi...

7.5CVSS7.4AI score0.35265EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2016/12/08 12:0 a.m.312 views

MariaDB 10.1.0 < 10.1.18 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.1.18. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.18 advisory. - Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before...

7CVSS7AI score0.06761EPSS
Exploits17References7
exploitpack
exploitpack
added 2016/12/06 12:0 a.m.30 views

Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption (MS16-068)

Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption MS16-068 Source: http://blog.skylined.nl/20161205001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I...

0.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2016/11/28 12:0 a.m.6 views

PT-2017-12377 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.11 Description: The issue allows privileged KVM guest OS users to cause a denial of service, leading to an assertion failure and host OS crash, by accessing the Performance Monitors Cycle Count Register...

9.8CVSS7.5AI score0.15073EPSS
Exploits59References147
Hacker One
Hacker One
added 2016/11/27 9:39 a.m.23 views

shopify-scripts: Crash: Initialize Decimal with itself triggers an assertion

When Decimal is initialized with itself, a new empty mpdt will be created. To fill it with a value, tos of the current instance is called, which accesses the empty mpdt. This triggers an assertion, which leads to a crash. Patch I've created and attached a simple patch which just returns self when...

7.2AI score
Exploits0
CNVD
CNVD
added 2016/11/23 12:0 a.m.1 views

LibTIFFtif_predict.h/tif_predict.c Buffer Overflow Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A buffer overflow vulnerability exists in libtiff version 4.0.6 in tifpredict.h/tifpredict.c...

9.8CVSS9.8AI score0.04767EPSS
Exploits0References1
NVD
NVD
added 2016/11/22 7:59 p.m.21 views

CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

9.8CVSS8AI score0.04767EPSS
Exploits0References6
OSV
OSV
added 2016/11/22 7:59 p.m.2 views

DEBIAN-CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

9.8CVSS8.1AI score0.04767EPSS
Exploits0References1
OSV
OSV
added 2016/11/22 7:59 p.m.6 views

CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

9.8CVSS7.9AI score
Exploits0References6
Rows per page
Query Builder