Lucene search

7041 matches found

OSV
added 2016/09/28 10:59 a.m. | 2 views

ALPINE-CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

CVSS 7.5 | AI score 6.7 | EPSS 0.89482
Exploits 7 | References 1

Debian CVE
added 2016/09/28 10:0 a.m. | 33 views

CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

CVSS 7.8 | AI score 7.5 | EPSS 0.89482
Exploits 7

AlpineLinux
added 2016/09/28 10:0 a.m. | 40 views

CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

CVSS 7.8 | AI score 6.7 | EPSS 0.89482
Exploits 7

Amazon
added 2016/09/28 12:0 a.m. | 53 views

Important: bind

Issue Overview: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. Affected Packages: bind Issue...

CVSS 7.8 | AI score 7.8 | EPSS 0.89482
Exploits 7

CNVD
added 2016/09/28 12:0 a.m. | 1 view

ISC BIND 9 suffers from buffer.c Assertion Error Denial of Service Vulnerability

ISC BIND 9 is a set of DNS domain name resolution service software maintained by the Internet Systems Consortium ISC organization. ISC BIND 9 suffers from a buffer.c assertion error denial of service vulnerability. A remote attacker can exploit the vulnerability to cause the program to fail an...

CVSS 7.8 | AI score 6.8 | EPSS 0.89482
Exploits 7 | References 1

Slackware Linux
added 2016/09/27 7:49 p.m. | 33 views

[slackware-security] bind

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.10.4P3-i586-1slack14.2.txz: Upgraded. This update fixes a denial-of-service vulnerability. Testi...

CVSS 7.8 | AI score 7.8 | EPSS 0.89482
Exploits 7

OSV
added 2016/09/27 12:0 a.m. | 1 view

UBUNTU-CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

CVSS 7.5 | AI score 7.2 | EPSS 0.89482
Exploits 7 | References 4

NVD
added 2016/09/16 5:59 a.m. | 11 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

CVSS 5.9 | AI score 5.4 | EPSS 0.02288
Exploits 0 | References 8

UbuntuCve
added 2016/09/16 5:59 a.m. | 23 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

CVSS 5.9 | AI score 6.6 | EPSS 0.02288
Exploits 0 | References 5

Prion
added 2016/09/16 5:59 a.m. | 10 views

Design/Logic Flaw

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

CVSS 4.3 | AI score 6.4 | EPSS 0.02288
Exploits 0 | References 7 | Affected Software 1

CVE
added 2016/09/16 12:0 a.m. | 54 views

CVE-2016-7420

Crypto++ (cryptopp) up to version 5.6.4 is vulnerable to information disclosure due to missing documentation of the NDEBUG compile-time switch to disable asserts, enabling context-dependent attackers to access sensitive data from process memory after an assertion failure (e.g., core dumps). Upstr...

CVSS 5.9 | AI score 6.1 | EPSS 0.02288
Exploits 0 | References 8 | Affected Software 1

Debian CVE
added 2016/09/16 12:0 a.m. | 16 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

CVSS 5.9 | AI score 5.8 | EPSS 0.02288
Exploits 0

Cvelist
added 2016/09/16 12:0 a.m. | 24 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

AI score 5.7 | EPSS 0.02288
Exploits 0 | References 7

Tenable Nessus
added 2016/08/12 12:0 a.m. | 34 views

FreeBSD : FreeBSD -- routed(8) remote denial of service vulnerability (0d584493-600a-11e6-a6c3-14dae9d210b8)

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Impact : Upon receipt of a query from a source which is not on a directly connected network,...

CVSS 6.5 | AI score 6.6 | EPSS 0.02649
Exploits 0 | References 2

RedHat Linux
added 2016/08/02 4:59 p.m. | 3 views

libtiff: invalid assertion

tifluv.c in libtiff allows attackers to cause a denial of service out-of-bounds writes via a crafted TIFF image, a different vulnerability than CVE-2015-8781...

CVSS 6.5 | AI score 7.4 | EPSS 0.0266
Exploits 0 | References 4

RubySec
added 2016/06/24 12:0 a.m. | 14 views

XML signature wrapping attack

ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion. ruby-saml users must...

CVSS 7.5 | AI score 3.3 | EPSS 0.01208
Exploits 0 | References 1 | Affected Software 1

FreeBSD
added 2016/06/24 12:0 a.m. | 33 views

ruby-saml -- XML signature wrapping attack

RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion...

CVSS 7.5 | AI score 2.8 | EPSS 0.01208
Exploits 0 | References 2

Tenable Nessus
added 2016/06/20 12:0 a.m. | 30 views

AIX 5.3 TL 12 : bind (IV85298) (deprecated)

https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...

AI score 7.9 | EPSS 0.621
Exploits 0 | References 3

Tenable Nessus
added 2016/06/20 12:0 a.m. | 49 views

AIX 6.1 TL 9 : bind (IV84456) (deprecated)

https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...

AI score 7.9 | EPSS 0.621
Exploits 0 | References 3

Tenable Nessus
added 2016/06/20 12:0 a.m. | 42 views

AIX 7.1 TL 3 : bind (IV85296) (deprecated)

https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...

AI score 7.9 | EPSS 0.621
Exploits 0 | References 3