74 matches found
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...
UBUNTU-CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...
CVE-2019-18936
UniValue::read in UniValue before 1.0.5 allow attackers to cause a denial of service the class internal data reaches an inconsistent state via input data that triggers an error...
ALPINE-CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 - 9.9.9-S7, 9.9.3 - 9.9.9-P5, 9.9.10b1,...
DEBIAN-CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 - 9.9.9-S7, 9.9.3 - 9.9.9-P5, 9.9.10b1,...
OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...
OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...
OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4073)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.17, fixing various security issues. Following security issues were fixed: MFSA 2010-74 / CVE-2010-3777: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products...
Mozilla Foundation Security Advisory 2011-02
Mozilla Foundation Security Advisory 2011-02 Title: Recursive eval call causes confirm dialogs to evaluate to true Impact: Critical Announced: March 1, 2011 Reporter: Zach Hoffman Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.14 Firefox 3.5.17 SeaMonkey 2.0.12 Description Security researcher...
Recursive eval call causes confirm dialogs to evaluate to true — Mozilla
Security researcher Zach Hoffman reported that a recursive call to eval wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate t...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7280)
Mozilla Firefox 3.5 was updated to update 3.5.16 fixing several security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
Use-after-free error with nsDOMAttribute MutationObserver — Mozilla
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to a inconsistent state where the iterator points to an object it believes i...
squid -- DoS on failed PUT/POST requests vulnerability
The squid patches page notes: An inconsistent state is entered on a failed PUT/POST request making a high risk for segmentation faults or other strange errors...