exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2021-2301

Status Candidate

Overview

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Related Files

Red Hat Security Advisory 2021-2290-01
Posted Jun 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2290-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | 26016b477f5da28d5da72cb174382244
Red Hat Security Advisory 2021-2278-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2278-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | 2c2f10d284d4920cd331e487e4186596
Red Hat Security Advisory 2021-2259-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2259-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | c022d6a685c4da17a916f5ea74df4c4f
Red Hat Security Advisory 2021-2258-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2258-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | 5f82b38331d93b1a18c80aa73a2c54f0
Ubuntu Security Notice USN-4967-2
Posted May 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | 80cc8e13b352e34dd9a56edc56696000
Gentoo Linux Security Advisory 202105-38
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-23017
MD5 | 1d166f7e28c58ba00613c75ab288fa9d
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
MD5 | cc733efc4bba424a92fb952d1eefd927
Ubuntu Security Notice USN-4967-1
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | b350ad62ada4bdd5b64bf7a6677cd315
Ubuntu Security Notice USN-4952-1
Posted May 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4952-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2146, CVE-2021-2166, CVE-2021-2172, CVE-2021-2194, CVE-2021-2208, CVE-2021-2226, CVE-2021-2293, CVE-2021-2301, CVE-2021-2308
MD5 | 0d0227bf3d91b0c638d82a4eb8dfac04
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    11 Files
  • 19
    Jun 19th
    1 Files
  • 20
    Jun 20th
    3 Files
  • 21
    Jun 21st
    2 Files
  • 22
    Jun 22nd
    21 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close