
Files

Debian Security Advisory 2656-1
Posted Mar 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2656-1 - Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2013-2266
SHA-256 | f2dcd89039a695f90e98b0038b67fc5cae9bfa2e5c3193cbdead19922ea0aa61
Technical Cyber Security Alert 2013-088A
Posted Mar 30, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-088A - A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.

tags | advisory, denial of service
SHA-256 | 267de1873a51753001d948053d442596ac0e2e46a65b9c2f4f3f241dd131f274
Slackware Security Advisory - libssh Updates
Posted Mar 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-0176
SHA-256 | 4f29fc9ae0941903b155b4feab417794ea9f87b4fb023be631f85009a1f6ca03
HP Security Bulletin HPSBUX02859 SSRT101144
Posted Mar 30, 2013
Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a denial of service (DoS) or execute arbitrary code. Revision 1 of this advisory.

advisories | CVE-2009-0158, CVE-2009-0159, CVE-2009-3563
SHA-256 | 0746632b57a61b2a1e105c96a10c846b657feaa5332e287d785fe60802111b6c
Ubuntu Security Notice USN-1783-1
Posted Mar 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1783-1 - Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2266
SHA-256 | c24a1c3ac68073c644db15400ac8f6c99c9ab1b5641d5bb91173cedfe9b52f68
Debian Security Advisory 2655-1
Posted Mar 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2655-1 - Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, debian
advisories | CVE-2011-2932, CVE-2012-3464, CVE-2012-3465, CVE-2013-1854, CVE-2013-1855, CVE-2013-1857
SHA-256 | 4c3d58135661cc0677501ab58b5ab4b645bf6e20f7be676bc756293c4c589cf2
Red Hat Security Advisory 2013-0689-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-2266
SHA-256 | 49ec82c31e09a661de8b7df652d8eee53683f7471acff85a36ad89701d30651f
Red Hat Security Advisory 2013-0691-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0691-01 - Red Hat Storage is a software only, scale-out storage solution that provides flexible and agile unstructured data storage for the enterprise. A flaw was found in the way the Swift component used Python pickle. This could lead to arbitrary code execution. With this update, the JSON format is used. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.

tags | advisory, arbitrary, local, root, code execution, python
systems | linux, redhat
advisories | CVE-2012-4406, CVE-2012-5635, CVE-2012-5638
SHA-256 | bcd07c0db9e96622fb592f3bc2cdf309f96bf245b0da02f1ed7333420a00e28f
Red Hat Security Advisory 2013-0690-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-2266
SHA-256 | 8e2fbfef90b9c05004aec10b390bae90ea7731c20f0d59269617c5d40e2c0b39
Red Hat Security Advisory 2013-0688-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0688-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired on March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after that date.

tags | advisory
systems | linux, redhat
SHA-256 | 5048abcd9eba6af3cebdcdbd769ab648a5ab74783682ae88ca727b8d8e7d01bf
Ubuntu Security Notice USN-1782-1
Posted Mar 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1782-1 - It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0338
SHA-256 | 8016649df7936a08004b2ecb225d08e87a24eada7f4d4e8cc369501b71865951
Asterisk Project Security Advisory - AST-2013-003
Posted Mar 28, 2013
Authored by Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

tags | advisory
advisories | CVE-2013-2264
SHA-256 | 7ce9d396f6a8843def45150840621abd66a61195ea9967e14e7c6392d62f7a27
Cisco Security Advisory 20130327-rsvp
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
SHA-256 | 6c8d5ab39e1579248c235ac0fb6d130f03287e1bfe1c2113cc6a6081582b9a36
Drupal Common Wikis 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Wikis third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 0ead0c1b6461de562721b99bba7a816c5c188b5649caf9a8533d5386639df1ea
EMC Smarts Product Cross Site Scripting
Posted Mar 28, 2013
Site emc.com

EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.

tags | advisory, xss
advisories | CVE-2013-0936
SHA-256 | 883d4810ac2c6054019ce2ac8a31a3711e9315ccc3a0dc8dd3c1d89e8cf6b06d
Asterisk Project Security Advisory - AST-2013-002
Posted Mar 28, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.

tags | advisory, web, denial of service
advisories | CVE-2013-2686
SHA-256 | 7a1b07b00aaec1a54c4a018a3363c0392f9374f44ef12df07d9140f78bd6c056
Cisco Security Advisory 20130327-ike
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, denial of service
systems | cisco
SHA-256 | f65bd4e39e183642a6d2572c9a108eb5574fee859a6831d2e4f41be3dc70ee7e
Drupal Common Groups 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Groups third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f669c1b9745c7be65686fd69d8357c49ea773ce0b1124fee20ef6d5c5668bc43
Cisco Security Advisory 20130327-nat
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | d8a9ebcc5bcdbb846ebb55212f513487470545447c60d9e5baa8b680cb2e36b9
Asterisk Project Security Advisory - AST-2013-001
Posted Mar 28, 2013
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.

tags | advisory, arbitrary
advisories | CVE-2013-2685
SHA-256 | 6dbcc321fa05a34d90ae2594f9ee9d1f4e3a55fa0610c69189ee26ee7c7e8f70
Drupal Rules 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Rules third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | f2f8ca4e2b4ae29b0c45ac10b1bad3aa48a53157f2aaec80b06f22bcc52c9cd0
Cisco Security Advisory 20130327-smartinstall
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 42356950e1cc56926e25264368f0756b639d7b291d5d8fd340c0a7946bc690e8
Drupal Zero Point 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Dennis Walgaard | Site drupal.org

Drupal Zero Point third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 37b56deaef01f5ce524a97748fc68d4f269a0f41f3264e6e15807a3c27e9942b
Cisco Security Advisory 20130327-pt
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7bfd2bd455cd5f6b92d91689d93812aab9c993e272761cdfb6ba0d2c3bf6c303
Red Hat Security Advisory 2013-0687-01
Posted Mar 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0687-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1591
SHA-256 | a3774347ea45c3c7ae68e1074b90367573297995db1225f26b9651f2ad1564ed

© 2022 Packet Storm. All rights reserved.
