ISC BIND buffer.c REQUIRE Assertion Failure Denial of Service (CVE-2015-8705)

A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to improper conversion of OPT resource records ECS options to text format. A remote, unauthenticated attacker could exploit this vulnerability against Recursive or Authoritative DNS servers tha...

CVE-2016-2074

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command...

bind: denial of service

CVE-2015-8704 denial of service A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c. A server could exit while performing certain string formatting operations. Examples include but may not be limited to: 1 Slaves using text-format db...

Mageia: Security Advisory (MGASA-2016-0030)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated bind packages fix security vulnerability

In ISC BIND before 9.10.3-P3, a buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl42.c CVE-2015-8704. In ISC BIND before 9.10.3-P3, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the...

CVE-2015-8705

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit, or daemon crash or possibly have unspecified other impact via 1 OPT data or 2 an ECS option...

RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0066 RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability January 7, 2016 CVE Number CVE-2015-8270 Description The vulnerability occurs within the AMF3ReadString function within amf.c. If an attacker sets up a malicious RTMP Media server that...

How to Enable Debug Logging for Proxy Events on Citrix Cloud Connector

This article outlines the process to output additional debugging messages relating to proxy connectivity for the Citrix Cloud Connector to the Windows Event Logs. Note: If you are experiencing connectivity issues, run the Connectivity Check tooltoverify reachability proxy servers plus other Citri...

CVE-2015-6375

The debug-logging aka debug cns feature in Cisco Networking Services CNS for IOS 15.22E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010...

Design/Logic Flaw

The debug-logging aka debug cns feature in Cisco Networking Services CNS for IOS 15.22E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010...

IBM WebSphere Commerce Debug Logging Local Information Disclosure Vulnerability

IBM WebSphere Commerce is the industry's leading next-generation e-business solution. Some command line scripts of IBM WebSphere Commerce run in debug state, which can record user data to log files and lead to information leakage...

CVE-2013-2599

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

Code injection

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

CVE-2013-2599

CVE-2013-2599 refers to a Code Aurora Forum (CAF) patch in Android 4.1.x–4.3.x that modifies NativeDaemonConnector.java. The vulnerability arises from debug logging enabled by this patch, allowing a logcat command to reveal sensitive disk-encryption passwords. Documents from NVD/NIST describe the...

CVE-2013-2599

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

Tor < 0.1.2.16 ControlPort Remote Rewrite Exploit

No description provided by source. !-- Tor 0.1.2.16 with ControlPort enabled not default Exploit for Tor ControlPort torrc Rewrite Vulnerability http://secunia.com/advisories/26301 Rewrites the torrc to log to a different location: C:\Documents and Settings\All Users\Start...

Default credentials

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console...

DEBIAN-CVE-2013-2006

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...

PYSEC-2013-40

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...

Format string

Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file...