7041 matches found
bind -- denial of service vulnerability
ISC reports: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c...
bind -- denial of service vulnerability
ISC reports: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c...
bind: denial of service
CVE-2016-1285: Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel the interface which allows named to be controlled using the 'rndc"...
CVE-2016-2844
CVE-2016-2844 affects Blink/WebKit as used in Google Chrome prior to 49.0.2623.75. The issue is an improper determination of when anonymous block wrappers may exist in LayoutBlock.cpp, which can allow remote attackers to trigger a denial of service via an incorrect cast and assertion failure, wit...
Squid 3.x < 3.5.15 / 4.x < 4.0.7 Multiple DoS
According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.15 or 4.x prior to 4.0.7. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A flaw exists due to not properly appending data to String objects. A remote attacker can...
openssl: assertion failure in SSLv2 servers
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...
CVE-2016-2572
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...
CVE-2016-2569
CVE-2016-2569 affects Squid (3.x before 3.5.15 and 4.x before 4.0.7). The issue is an incorrect boundary check when appending data to a String object for HTTP headers (notably the Vary header) in responses, which can cause an assertion failure and crash the daemon via a crafted header. Multiple c...
CVE-2016-2571
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...
CVE-2016-2570
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
ISC BIND apl_42.c INSIST Assertion Failure Denial of Service (CVE-2015-8704)
A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to an error in string format operations that causes the BIND daemon to exit with an INSIST assertion failure when processing certain records. A remote attacker could exploit this vulnerability...
DNS BIND server vulnerability, allowing attackers to cause service failures
The vulnerability of the DNS BIND server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause a service failure—such as the appearance of an error message “Assertion failure” or the termination of the daemon—by using a specially...
DNS BIND server vulnerability, which allows attackers to cause service failures or exert other effects
The vulnerability of the DNS BIND server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures or other adverse effects, such as the appearance of an error message indicating “Assertion failure” or the termination ...
ISC BIND 9.9.8-Sx < 9.9.8-S5 REQUIRE Assertion DoS
According to its self-reported version number, the version of BIND 9 Supported Preview Edition running on the remote host is version 9.9.8-Sx prior to 9.9.8-S5. It is, therefore, affected by a denial of service vulnerability due to a flaw in file rdataset.c related to handling flag values in...
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20160128)
An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with...
RHEL 7 : qemu-kvm (RHSA-2016:0083)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0083 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the...
RedHat Update for qemu-kvm RHSA-2016:0083-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : bind (RHSA-2016:0078)
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0078 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named C...
Important: Red Hat Security Advisory: qemu-kvm security and bug fix update
Updated qemu-kvm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
bind: TKEY query handling flaw leading to denial of service
A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet...