An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.
3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.
64fba177dec64baf3f11c046fbb70e91483e029793ec6a3e43b028ef14dc0d65Gentoo Linux Security Advisory 202105-15 - Multiple vulnerabilities have been found in Prosŏdy IM, the worst of which could result in a Denial of Service condition. Versions less than 0.11.9 are affected.
f08be14d04709fb2b80d149bb91ae9406334d8659f93c161e700edfa779b129cApple Security Advisory 2021-05-25-6 - watchOS 7.5 addresses buffer overflow, code execution, cross site scripting, denial of service, out of bounds read, and use-after-free vulnerabilities.
bf5980198ddb010accfb5c43551d1ca9d78cd0ef77f89bcf61101d0efc901f78Apple Security Advisory 2021-05-25-2 - macOS Big Sur 11.4 addresses buffer overflow, bypass, code execution, cross site scripting, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
b7bacb029f8caaf126c79185f04a21c9db5d08fb8a900666c62f076ff293a421Apple Security Advisory 2021-05-25-7 - tvOS 14.6 addresses buffer overflow, code execution, cross site scripting, denial of service, integer overflow, out of bounds read, and use-after-free vulnerabilities.
6b67770482452432db54af4fb639291beaebdb13d5e2b7ae9a7eda93e3bac1cdApple Security Advisory 2021-05-25-5 - Safari 14.1.1 addresses code execution, cross site scripting, denial of service, integer overflow, null pointer, and use-after-free vulnerabilities.
3d0b1ff9f9087dd22ccc46998ca1a15f487dcd05f2741f6bb0b94f8700702959Apple Security Advisory 2021-05-25-1 - iOS 14.6 and iPadOS 14.6 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, null pointer, out of bounds read, and use-after-free vulnerabilities.
a1a282793028ec06e5f187d3b8d87c8c66f3eec9577f0d3ba5404d89d30ba9e0Apple Security Advisory 2021-05-25-8 - Boot Camp 6.1.14* addresses a memory corruption vulnerability.
2d6182e0fb300bfa3438190b3e0dec62383acb53f48b65342d40f43ab4dc8c77Apple Security Advisory 2021-05-25-3 - Security Update 2021-004 Mojave addresses bypass, code execution, denial of service, heap corruption, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
776008bfbdb46c0bcd65cacb835a4914ca1905855f39711dfc2b2c16dd497aa5Apple Security Advisory 2021-05-25-4 - Security Update 2021-003 Catalina addresses bypass, code execution, denial of service, heap corruption, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
9524a5dad710311e201032f67e048422d6a0e4bebce049e523c4d25baffbb535Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.
0f814519864a2c1f00e089303aebba070126d095871ca25d8c1a1514b228d000Gentoo Linux Security Advisory 202105-37 - A vulnerability in Nextcloud Desktop Client could allow a remote attacker to execute arbitrary commands. Versions less than 3.1.3 are affected.
b152488d796e5fc2713054994c35b5fab00df97783c99fa4f788739f5fb6348bGentoo Linux Security Advisory 202105-36 - Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Versions less than 7.77.0 are affected.
27d653e9c404fce8a51dc5b8eb56846b8d6b8bc2c806dad855056460e4cd9d0dRed Hat Security Advisory 2021-2119-01 - An update for tripleo-ansible is now available for Red Hat OpenStack Platform 16.1 (Train). It addresses an issue where the ansible.log file is visible to unprivileged users.
4c1f0f5af2ff1bf54d5a0ecacd6cacae52354736bf520cc6bcbb4403243e1ebei-doit version 1.15.2 suffers from a cross site scripting vulnerability.
09bd54a79a7ea10a4acbf9651b08d12b5e851f8d241bfd83921b1cd5c24df50aRed Hat Security Advisory 2021-2116-01 - A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Issues addressed include crlf injection and denial of service vulnerabilities.
7eeaefaee72148562bb4d3175050940306bca66918bb6c30a908a5c2c7253ce6VMware Security Advisory 2021-0010 - VMware vCenter Server updates address remote code execution and authentication vulnerabilities.
9473c522fcfc58e375d2311352f05cc6387a78f24adb7026fa22312412e8647cGentoo Linux Security Advisory 202105-35 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to execute arbitrary code. Versions less than 8.5_p1 are affected.
413dc6d65484348ed8a8bc7d9dc7836eed4d1ab01a507465800675315b632f77Gentoo Linux Security Advisory 202105-34 - A vulnerability in Bash may allow users to escalate privileges. Versions less than 5.0_p11-r1 are affected.
d14b7a6c79dcafc423e08f9754342a9daaccb7c5435a66a2f26302075f56dfe8Gentoo Linux Security Advisory 202105-33 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions less than 1.4.4 are affected.
464048d530e7c8af9bee99459ab4f508fe39be7c1ab8c788da356d06da5b1652Gentoo Linux Security Advisory 202105-32 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in information disclosure. Versions less than 13.2 are affected.
cc32b4339b5e18669d87f1bda3ed4c5784dfb313e6f4b605d313817028ddbe72Zen Cart version 1.5.7 suffers from a cross site scripting vulnerability.
2681ae1f35fedcb388a8127b7e11ceccfd037b1d041073d1a4dbe7af5b4ac6adGentoo Linux Security Advisory 202105-31 - A vulnerability in Nettle could lead to a Denial of Service condition. Versions less than 3.7.2 are affected.
ba28dbe13dea6d4eb34e3b66c850cd358b6711db040d6dfd806ce56b9fe17d07Gentoo Linux Security Advisory 202105-30 - Multiple vulnerabilities have been found in MuPDF, the worst of which could result in a Denial of Service condition. Versions less than 1.18.0-r3 are affected.
5c1001ccaa956ed2c4f2d659e31477222d1e8e311e49584a08e700131d59756f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed