CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, relacionada con db.c y resolver.c. A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •
CVE-2016-1258
https://notcve.org/view.php?id=CVE-2016-1258
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. Embedthis Appweb, tal como se utiliza en J-Web en Juniper Junos OS en versiones anteriores a 12.1X44-D60, 12.1X46 en versiones anteriores a 12.1X46-D45, 12.1X47 en versiones anteriores a 12.1X47-D30, 12.3 en versiones anteriores a 12.3R10, 12.3X48 en versiones anteriores a 12.3X48-D20, 13.2X51 en versiones anteriores a 13.2X51-D20, 13.3 en versiones anteriores a 13.3R8, 14.1 en versiones anteriores a 14.1R6 y 14.2 en versiones anteriores a 14.2R5, permite a atacantes remotos provocar una denegación de servicio (caída de J-Web) a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10720 http://www.securitytracker.com/id/1035116 • CWE-20: Improper Input Validation •
CVE-2016-1262
https://notcve.org/view.php?id=CVE-2016-1262
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet. Juniper Junos OS en versiones anteriores a 12.1X46-D45, 12.1X47 en versiones anteriores a 12.1X47-D30, 12.1X48 en versiones anteriores a 12.3X48-D20 y 15.1X49 en versiones anteriores a 15.1X49-D30 en dispositivos de las series SRX, cuando el Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) está habilitado, permite a atacantes remotos provocar una denegación de servicio (caída de flowd) a través de un paquete RTSP manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10721 http://www.securitytracker.com/id/1035108 • CWE-20: Improper Input Validation •
CVE-2016-1256
https://notcve.org/view.php?id=CVE-2016-1256
Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service." Juniper Junos OS en versiones anteriores a 12.1X44-D55, 12.1X46 en versiones anteriores a 12.1X46-D40, 12.1X47 en versiones anteriores a 12.1X47-D25, 12.3 en versiones anteriores a 12.3R10, 12.3X48 en versiones anteriores a 12.3X48-D20, 13.2 en versiones anteriores a 13.2R8, 13.2X51 en versiones anteriores a 13.2X51-D40, 13.3 en versiones anteriores a 13.3R7, 14.1 en versiones anteriores a 14.1R5, 14.1X53 en versiones anteriores a 14.1X53-D18 o 14.1X53-D30, 14.1X55 en versiones anteriores a 14.1X55-D25, 14.2 en versiones anteriores a 14.2R4, 15.1 en versiones anteriores a 15.1R2 y 15.1X49 en versiones anteriores a 15.1X49-D10 permite a atacantes remotos provocar una denegación de servicio a través de un paquete IGMPv3 mal formado, también conocido como un "multicast denial of service". • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10714 http://www.securitytracker.com/id/1035107 • CWE-399: Resource Management Errors •
CVE-2015-7752
https://notcve.org/view.php?id=CVE-2015-7752
The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic. El servidor SSH en Juniper Junos OS en versiones anteriores a 12.1X44-D50, 12.1X46 en versiones anteriores a 12.1X46-D35, 12.1X47 en versiones anteriores a 12.1X47-D25, 12.3 en versiones anteriores a 12.3R10, 12.3X48 en versiones anteriores a 12.3X48-D10, 13.2 en versiones anteriores a 13.2R8, 13.2X51 en versiones anteriores a 13.2X51-D35, 13.3 en versiones anteriores a 13.3R6, 14.1 en versiones anteriores a 14.1R5, 14.1X53 en versiones anteriores a 14.1X53-D25, 14.2 en versiones anteriores a 14.2R3, 15.1 en versiones anteriores a 15.1R1 y 15.1X49 en versiones anteriores a 15.1X49-D20 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de tráfico SSH no especificado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10708 http://www.securitytracker.com/id/1033818 • CWE-399: Resource Management Errors •