3296 matches found
SVG nanosvg Library Memory Corruption / Denial Of Service
The SVG library nanosvg 0 suffers from a memory corruption bug that can lead to at least DoS. The bug exists in the nsvgparseColorRGB function, which can be reached by parsing a malicious SVG file through nsvgParseFromFile or nsvgParse. This should also affect libraries/packages that provide...
OPENSUSE-SU-2019:0131-1 Security update for pdns-recursor
This update for pdns-recursor to version 4.1.10 fixes the following issues: Security issues fixed: - CVE-2019-3806: Fixed a case when Lua hooks are not called over TCP boo1121887 - CVE-2019-3807: Fixed an issue where DNSSEC validation was not performed for AA=0 responses boo1121889...
Security update for pdns-recursor (moderate)
openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2019:0131-1 Rating: moderate References: 1121887 1121889 Cross-References: CVE-2019-3806 CVE-2019-3807 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes two vulnerabilities...
PowerDNS Recursor Lua Security Policy Bypass Vulnerability
PowerDNS Recursor aka pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security feature issue vulnerability exists in PowerDNS Recursor versions 4.1.4 through 4.1.8, which arises from the program failing to implement the Lua hooks mechanism for queries received...
Fedora 29 : lua (2019-ee57bda7ae)
Security fix for CVE-2019-6706. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
DEBIAN-CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
Code injection
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
UBUNTU-CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
PowerDNS Recursor (pdns-recursor) version range affected: after 4.1.3 up to before 4.1.9. The issue stems from Lua hooks not being properly applied to TCP queries in certain settings, potentially bypassing security policies enforced via Lua. Exploitation details are not provided in the supplied d...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
FreeBSD : powerdns-recursor -- multiple vulnerabilities (40d92cc5-1e2b-11e9-bef6-6805ca2fa271)
PowerDNS Team reports : CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...
Lua 5.3.5 - debug.upvaluejoin Use After Free
Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Lin...
Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit
Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...
Lua 5.3.5 Use-After-Free
Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...
CVE-2019-6706
Lua 5.3.5 has a use-after-free in luaupvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships...