23 matches found
CVE-2018-15919
CVE-2018-15919 affects OpenSSH up to version 7.8, where remotely observable behaviour in auth-gss2.c could allow a remote attacker to enumerate existing usernames when GSS2 is used. The IBM/linked bulletin explicitly notes the discoverer’s statement that username enumeration is not treated as a v...
CVE-2017-15906
OpenSSH sftp-server.c contains a write-blocking flaw in read-only mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...
CVE-2018-15473
CVE-2018-15473 affects OpenSSH up to version 7.7, where the server allows enumeration of valid usernames by returning different responses for invalid authentication attempts, because it does not delay bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...
CVE-2016-10708
OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...
CVE-2018-5740
CVE-2018-5740 is a flaw in the deny-answer-aliases feature of BIND that can cause an assertion failure in named, potentially restarting the bind process (denial of service). Affected BIND versions include 9.7.0–9.8.8, 9.9.0–9.9.13, 9.10.0–9.10.8, 9.11.0–9.11.4, 9.12.0–9.12.2, and 9.13.0–9.13.2. R...
CVE-2017-3145
CVE-2017-3145 affects BIND: the resolver incorrectly sequenced cleanup operations on upstream recursion fetch contexts, causing a use-after-free that can trigger an assertion failure and crash named. Affected versions include BIND 9.0.0 through 9.8.x, 9.9.0–9.9.11, 9.10.0–9.10.6, 9.11.0–9.11.2, 9...
CVE-2016-8864
CVE-2016-8864 affects ISC BIND DNS server. A denial-of-service can be triggered by processing responses containing a DNAME answer in db.c/resolver.c during recursive queries, causing an assertion failure and named exit. Affected are BIND 9.x releases listed in the advisory (pre-9.9.9-P4, pre-9.10...
CVE-2016-9131
CVE-2016-9131 concerns ISC BIND and is triggered by improper handling of responses during recursion. A remote attacker can send a malformed RTYPE ANY response to cause an assertion failure and named process exit, i.e., a denial-of-service. Public advisories confirm affected versions across multip...
CVE-2017-3136
CVE-2017-3136 is an assertion-failure denial of service in ISC BIND when handling DNS64 queries with break-dnssec yes. Affected versions span 9.8.0–9.11.1rc1 (exactly as listed: 9.8.0–9.8.8-P1; 9.9.0–9.9.9-P6; 9.9.10b1–9.9.10rc1; 9.10.0–9.10.4-P6; 9.10.5b1–9.10.5rc1; 9.11.0–9.11.0-P3; 9.11.1b1–9....
CVE-2018-12015
CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...
CVE-2018-6485
CVE-2018-6485 is an integer overflow in posix_memalign within glibc (memalign implementation) for versions 2.26 and earlier, which could cause a heap area to be too small and lead to heap corruption. The NVD CVSSv3/base score is 9.8 (CRITICAL) with network attack vector, no user interaction. Affe...
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2018-11236
CVE-2018-11236: In glibc, realpath pathname processing can trigger an integer overflow in 32-bit builds within stdlib/canonicalize.c when handling very long pathname arguments, producing a stack-based buffer overflow and potentially arbitrary code execution. The vulnerability affe...
CVE-2017-3135
ISC BIND 9 DNS64 and RPZ combined can crash the server. CVE-2017-3135 causes an assertion failure or NULL pointer dereference when query responses are rewritten with both DNS64 and RPZ enabled, leading to a denial of service. Affected versions include BIND 9.8.8 and 9.9.3–9.9.9 (S1–S7/P5), 9.9.10...
CVE-2018-5734
The CVE-2018-5734 issue concerns ISC BIND where handling a malformed DNS request causes an assertion failure in badcache.c due to selecting SERVFAIL instead of FORMERR. Affected versions are BIND 9.10.5-S1 to 9.10.5-S4 and 9.10.6-S1/S2. The connected documents describe the root cause as an incorr...
CVE-2018-11237
CVE-2018-11237: A buffer overflow in the AVX-512-optimized mempcpy implementation (__mempcpy_avx512_no_vzeroupper) of glibc (2.27 and earlier). The overflow occurs when copying data beyond the target buffer, as demonstrated by vulnerable mempcpy paths described in public advisories and exploits. ...
CVE-2017-3137
CVE-2017-3137 is a denial-of-service issue in BIND where a response containing CNAME or DNAME records can cause named to exit with an assertion failure when records are in an unusual order. Affected upstream releases include multiple 9.x series (e.g., 9.9.9-P6 through 9.11.1rc1, 9.9.9-S8; also li...
CVE-2017-3138
CVE-2017-3138 affects the BIND/named control channel. A regression can cause named to exit with a REQUIRE assertion failure when it receives a null command string on the control channel, potentially enabling denial-of-service. Affected versions in the CVE scope include BIND 9.9.9 through 9.11.1rc...
CVE-2018-5736
CVE-2018-5736 is an ISC BIND vulnerability affecting versions 9.12.0 and 9.12.1. The issue is an error in the zone database reference counting that can trigger an assertion failure when a vulnerable server performs several slave-zone transfers in quick succession (for example after valid NOTIFY m...
CVE-2015-8960
The CVE-2015-8960 entry concerns TLS protocol versions 1.2 and earlier. The root cause is that certain ClientCertificateType values (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) are supported but the protocol does not document the ability to compute the master secret in scenarios...
CVE-2017-3140
CVE-2017-3140 describes an RPZ rule processing error in BIND that can cause named to enter an endless loop when handling a query. Affected BIND versions per sources include 9.9.10, 9.10.5, 9.11.0–9.11.1, 9.9.10-S1, 9.10.5-S1. Public advisories differ on impact to vendor products; F5 notes not aff...
CVE-2018-5737
CVE-2018-5737 concerns ISC BIND 9.12.x. The issue arises from the implementation of the new serve-stale feature, which can trigger an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, interaction between serve-stale and NSEC aggressive negative caching can, in some ...
CVE-2016-9778
CVE-2016-9778 affects ISC BIND and is triggered by handling specific queries when using the nxdomain-redirect feature in certain BIND versions (9.9.8-S1 to 9.9.8-S3, 9.9.9-S1 to 9.9.9-S6, 9.11.0-9.11.0-P1). The vulnerability can cause a REQUIRE assertion failure in db.c, potentially crashing or s...