Lucene search
+L

159 matches found

Talos
Talos
added 2017/11/20 12:0 a.m.69 views

Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability

Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this...

10CVSS8.6AI score0.01943EPSS
Exploits3
NVD
NVD
added 2017/10/03 1:29 a.m.24 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.8CVSS7.7AI score0.66347EPSS
Exploits5References22
OSV
OSV
added 2017/10/03 1:29 a.m.36 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.5CVSS6.7AI score
Exploits0References22
Prion
Prion
added 2017/10/03 1:29 a.m.89 views

Integer overflow

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.8CVSS7.9AI score0.66347EPSS
Exploits5References22Affected Software8
Cvelist
Cvelist
added 2017/10/02 9:0 p.m.25 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

8.2AI score0.66347EPSS
Exploits5References22
CVE
CVE
added 2017/10/02 9:0 p.m.873 views

CVE-2017-14496

CVE-2017-14496: dnsmasq contains an integer underflow in the EDNS0 add_pseudoheader handling when --add-mac, --add-cpe-id, or --add-subnet is used, allowing a denial of service via crafted DNS requests. Public advisories (CentOS/RH, Arch Linux, AWS ALAS) and Arista note fixes, with upgrades to dn...

7.8CVSS8.1AI score0.66347EPSS
Exploits5References22Affected Software7
Debian CVE
Debian CVE
added 2017/10/02 9:0 p.m.51 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.8CVSS8.5AI score0.66347EPSS
Exploits5
AlpineLinux
AlpineLinux
added 2017/10/02 9:0 p.m.47 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.8CVSS8.4AI score0.66347EPSS
Exploits5
UbuntuCve
UbuntuCve
added 2017/10/02 12:0 a.m.50 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.8CVSS7.3AI score0.66347EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.40 views

Fedora 25 : ruby (2017-e136d63c99)

Fix ANSI escape sequence vulnerability CVE-2017-0899. - Fix DoS vulnerability in the query command CVE-2017-0900. - Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files CVE-2017-0901. - Fix DNS request hijacking vulnerability CVE-2017-0902. - Fix...

9.8CVSS7.1AI score0.29442EPSS
Exploits6References6
FreeBSD
FreeBSD
added 2017/08/29 12:0 a.m.22 views

rubygems -- multiple vulnerabilities

Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...

1.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/04/28 12:0 a.m.60 views

Amazon Linux AMI : bind (ALAS-2017-826)

A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. CVE-2017-3137 A denial ...

7.5CVSS6.7AI score0.11093EPSS
Exploits0References3
Amazon
Amazon
added 2017/04/27 12:0 a.m.58 views

Important: bind

Issue Overview: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

7.5CVSS7AI score0.11093EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/12 12:0 a.m.30 views

GLSA-201701-26 : BIND: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201701-26 BIND: Denial of Service A defect in BINDs handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c. Impact : A remote attacker could send ...

7.5CVSS7.5AI score0.38733EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2017/01/11 12:0 a.m.43 views

BIND: Denial of service

Background BIND Berkeley Internet Name Domain is a Name Server. Description A defect in BIND’s handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c. Impact A remote attacker could send a specially crafted DNS...

7.5CVSS8AI score0.38733EPSS
Exploits0
OSV
OSV
added 2016/10/06 12:0 a.m.16 views

DLA-648-1 c-ares - security update

Bulletin has no description...

9.8CVSS9.5AI score0.08583EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/10/05 12:0 a.m.24 views

Debian Security Advisory DSA 3682-1 (c-ares - security update)

Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. OpenVAS Vulnerability Test $Id: deb3682.nasl 6608 2017-07-0...

7.5CVSS0.4AI score0.08583EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/09/29 12:0 a.m.33 views

Amazon Linux AMI : bind (ALAS-2016-751)

A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. C Tenable Network Security, Inc. The...

7.8CVSS7.3AI score0.89482EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2016/09/29 12:0 a.m.24 views

Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160928)

Security Fixes : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. CVE-2016-2776 %NASLMINLEVE...

7.8CVSS7.3AI score0.89482EPSS
Exploits7References2
RedHat Linux
RedHat Linux
added 2016/09/28 11:20 a.m.13 views

bind: assertion failure in buffer.c while building responses to a specifically constructed request

A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet...

7.8CVSS7.1AI score0.89482EPSS
Exploits7References5
Rows per page
Query Builder