7041 matches found
ALPINE-CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...
CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...
CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...
Important: bind
Issue Overview: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. Affected Packages: bind Issue...
ISC BIND 9 suffers from buffer.c Assertion Error Denial of Service Vulnerability
ISC BIND 9 is a set of DNS domain name resolution service software maintained by the Internet Systems Consortium ISC organization. ISC BIND 9 suffers from a buffer.c assertion error denial of service vulnerability. A remote attacker can exploit the vulnerability to cause the program to fail an...
[slackware-security] bind
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.10.4P3-i586-1slack14.2.txz: Upgraded. This update fixes a denial-of-service vulnerability. Testi...
UBUNTU-CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...
CVE-2016-7420
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
CVE-2016-7420
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
Design/Logic Flaw
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
CVE-2016-7420
Crypto++ (cryptopp) up to version 5.6.4 is vulnerable to information disclosure due to missing documentation of the NDEBUG compile-time switch to disable asserts, enabling context-dependent attackers to access sensitive data from process memory after an assertion failure (e.g., core dumps). Upstr...
CVE-2016-7420
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
CVE-2016-7420
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
FreeBSD : FreeBSD -- routed(8) remote denial of service vulnerability (0d584493-600a-11e6-a6c3-14dae9d210b8)
The input path in routed8 will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Impact : Upon receipt of a query from a source which is not on a directly connected network,...
libtiff: invalid assertion
tifluv.c in libtiff allows attackers to cause a denial of service out-of-bounds writes via a crafted TIFF image, a different vulnerability than CVE-2015-8781...
XML signature wrapping attack
ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion. ruby-saml users must...
ruby-saml -- XML signature wrapping attack
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion...
AIX 5.3 TL 12 : bind (IV85298) (deprecated)
https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...
AIX 6.1 TL 9 : bind (IV84456) (deprecated)
https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...
AIX 7.1 TL 3 : bind (IV85296) (deprecated)
https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...