Cross site request forgery (csrf)

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...

Design/Logic Flaw

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...

CVE-2012-4671

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...

CVE-2012-2102

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service assertion failure and mysqld abort by deleting a record and using HANDLER READ NEXT...

Design/Logic Flaw

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service assertion failure and mysqld abort by deleting a record and using HANDLER READ NEXT...

CVE-2012-2102

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service assertion failure and mysqld abort by deleting a record and using HANDLER READ NEXT...

Debian Security Advisory DSA 2517-1 (bind9)

The remote host is missing an update to bind9 announced via advisory DSA 2517-1. OpenVAS Vulnerability Test $Id: deb25171.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2517-1 bind9 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

FreeBSD : FreeBSD -- named(8) DNSSEC validation Denial of Service (0f020b7b-e033-11e1-90a2-000c299b62e1)

Problem description : BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries...

bind security update

CentOS Errata and Security Advisory CESA-2012:1139 An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: bind-dyndb-ldap security update

An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RedHat Update for bind-dyndb-ldap RHSA-2012:1139-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Important: bind

Issue Overview: An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. CVE-2012-381...

CentOS 6 : bind-dyndb-ldap (CESA-2012:1139)

An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Scientific Linux Security Update : bind97 on SL5.x i386/x86_64

"The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Scientific Linux Security Update : bind security for SL 4.x on i386/x86_64

CVE-2009-0696 bind: DoS assertion failure via nsupdate packets A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an...

Scientific Linux Security Update : bind on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was discovered in the way BIND checked the return value of the OpenSSL DSAdoverify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. CVE-2009-0025 For users of Red Hat Enterpris...

Scientific Linux Security Update : openldap on SL5.x i386/x86_64

A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather th...

Scientific Linux Security Update : bind for SL 3.0.x on i386/x86_64

CVE-2009-0696 bind: DoS assertion failure via nsupdate packets A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an...

bind: heavy DNSSEC validation load can cause assertion failure

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service assertion...