A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of packets sent to rndc control channel interface. A remote, unauthenticated attacker could exploit this vulnerabilities by sending a maliciously crafted packet to the rndc control channel interface of a target BIND server. Successful exploitation could lead to denial-of-service conditions.
A denial-of-service vulnerability has been reported in ISC BIND's lwresd daemon. The vulnerability is due to failure to check the query length when using lightweight resolver protocol. A remote, unauthenticated attacker could exploit this vulnerability by providing large query name to the lightweight resolver. Successful exploitation could lead to denial-of-service conditions.
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing DNS packet with a malformed options section. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted query to the vulnerable server. Successful exploitation could lead to a denial-of-service condition.
An out-of-bound array indexing vulnerability has been reported in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. A remote attacker can exploit this vulnerability by uploading a maliciously crafted file to a vulnerable web service. Successful exploitation could result in arbitrary code execution under the security context of the service using ImageMagick.
A denial-of-service vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in parsing ASN.1 data that causes libtasn1 to enter an infinite loop when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted ASN.1 certificate to a target application. Successful exploitation may result in a denial-of-service condition.
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 18.104.22.168, 4.x before 22.214.171.124, and 5.x before 126.96.36.199 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
phpMyAdmin is prone to a sql-injection vulnerability. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpMyAdmin 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 188.8.131.52 and 4.0.x versions prior to 184.108.40.206 are vulnerable.