Lucene search

129 matches found

Debian CVE
added 2017/05/19 7:0 p.m., 35 views

CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

7.5 CVSS, 7.5 AI score, 0.01506 EPSS
Exploits 1

Prion
added 2017/02/21 10:59 p.m., 15 views

Null pointer dereference

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability...

5 CVSS, 6.9 AI score, 0.01399 EPSS
Exploits 2, References 2, Affected Software 1

Apache Httpd
added 2016/11/18 12:0 a.m., 43 views

Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference

A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process...

7.5 CVSS, 0.8 AI score, 0.38383 EPSS
Exploits 0, Affected Software 1

Tenable Nessus
added 2016/11/03 12:0 a.m., 30 views

Debian DSA-3703-1 : bind9 - security update

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

7.5 CVSS, 7.4 AI score, 0.44377 EPSS
Exploits 0, References 4

Mageia
added 2016/07/05 3:47 p.m., 26 views

Updated iperf packages fix security vulnerability

A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf server. A malicious iperf...

9.8 CVSS, 2.3 AI score, 0.07577 EPSS
Exploits 2, References 3

OpenVAS
added 2016/02/05 12:0 a.m., 27 views

Ubuntu: Security Advisory (USN-2883-1)

The remote host is missing an update for the...

3.7 CVSS, 6.3 AI score, 0.27483 EPSS
Exploits 1, References 2

ArchLinux
added 2015/07/12 12:0 a.m., 47 views

krb5: multiple issues

CVE-2014-5355 (denial of service): When a server process uses the krb5_recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

5.8 CVSS, 2.4 AI score, 0.08201 EPSS
Exploits 0, References 5

RedHat Linux
added 2015/06/04 6:51 p.m., 3 views

Low: Red Hat Enhancement Advisory: Red Hat JBoss Enterprise Application Platform 6.4.1 update on RHEL 5

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.1, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server...

5.9 CVSS, 6.3 AI score, 0.00303 EPSS
Exploits 1, References 8

Tenable Nessus
added 2015/05/26 12:0 a.m., 22 views

Debian DSA-3271-1 : nbd - security update

Tuomas Rasanen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Rasanen also discovered that the modern-style negotiation was carried...

7.8 CVSS, 5.4 AI score, 0.03636 EPSS
Exploits 0, References 7

ArchLinux
added 2014/11/28 12:0 a.m., 27 views

icecast: information leak

It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. If on-connect/on-disconnect scripts are used, file descriptors of the server process remain open and could be written to or read from. Most pressing STDIN,...

5 CVSS, 0.1 AI score, 0.00807 EPSS
Exploits 1, References 5

Check Point Advisories
added 2014/11/06 12:0 a.m., 0 views

LibVNCServer scale.c rfbSendNewScaleSize Use After Free

A use-after-free vulnerability has been found in LibVNCServer. The vulnerability is due to an issue with processing wrt scaling messages. A remote attacker can exploit this vulnerability by sending a wrt scaling message and terminating the connection before receiving server's response. Successful...

3 AI score
Exploits 0

Check Point Advisories
added 2014/10/23 12:0 a.m., 1 views

PowerDNS Recursor Denial of Service (CVE-2014-3614)

A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation...

5 CVSS, 6.2 AI score, 0.00009 EPSS
Exploits 0

Cisco
added 2014/09/09 2:17 p.m., 27 views

Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...

4.3 CVSS, 6.3 AI score, 0.01284 EPSS
Exploits 0, References 1

seebug.org
added 2014/07/01 12:0 a.m., 28 views

WolfPack Development XSHIPWARS 1.0/1.2.4 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/863/info Xshipwars a graphical 'star battle' client/server based game which runs a variety of platforms. Certain versions of the server which facilitates this game (versions before 1.25) had a remotely exploitable buffer...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Blog Torrent 0.8 - Remote Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11795/info It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. Blog Torrent preview 0.8...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Half-Life StatsMe 2.6.x Plug-in CMD_ARGV Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6575/info The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Half-Life StatsMe 2.6.x Plug-in MakeStats Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6578/info The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

FileCOPA FTP Server 5.01 'NOOP' Command Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36397/info FileCOPA FTP Server is prone to a denial-of-service vulnerability. A successful exploit may allow attackers to halt the server process, resulting in a denial-of-service condition. FileCOPA FTP Server 5.01 is...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Psunami Bulletin Board 0.x Psunami.CGI Remote Command Execution Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/6607/info Psunami Bulletin Board is prone to a remote command execution vulnerability. Psunami does not sufficiently sanitize shell metacharacters from query string parameters. As a result, it may be possible for a remote...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 27 views

OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/5363/info A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be abl...

7.1 AI score
Exploits 0