
Files Date: 2021-05-26

nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap-allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of the next heap chunk's metadata with 0x2E. A network attacker capable of providing DNS responses to an nginx server can achieve denial of service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
SHA-256 | 3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4
Unicorn 1.0.3
Posted May 26, 2021
Authored by Nguyen Anh Quynh | Site unicorn-engine.org

Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.

Changes: Fixed some building issues. Fixed some issues in the core. Arm BE8 mode now supported. Various other updates.
tags | tool
systems | unix
SHA-256 | 64fba177dec64baf3f11c046fbb70e91483e029793ec6a3e43b028ef14dc0d65
Gentoo Linux Security Advisory 202105-15
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-15 - Multiple vulnerabilities have been found in Prosŏdy IM, the worst of which could result in a Denial of Service condition. Versions less than 0.11.9 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-32917, CVE-2021-32918, CVE-2021-32919, CVE-2021-32920, CVE-2021-32921
SHA-256 | f08be14d04709fb2b80d149bb91ae9406334d8659f93c161e700edfa779b129c
Apple Security Advisory 2021-05-25-6
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-6 - watchOS 7.5 addresses buffer overflow, code execution, cross site scripting, denial of service, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple
advisories | CVE-2021-21779, CVE-2021-30677, CVE-2021-30681, CVE-2021-30682, CVE-2021-30685, CVE-2021-30686, CVE-2021-30687, CVE-2021-30689, CVE-2021-30697, CVE-2021-30700, CVE-2021-30701, CVE-2021-30704, CVE-2021-30705, CVE-2021-30707, CVE-2021-30710, CVE-2021-30715, CVE-2021-30720, CVE-2021-30724, CVE-2021-30727, CVE-2021-30734, CVE-2021-30736, CVE-2021-30737, CVE-2021-30740, CVE-2021-30744, CVE-2021-30749
SHA-256 | bf5980198ddb010accfb5c43551d1ca9d78cd0ef77f89bcf61101d0efc901f78
Apple Security Advisory 2021-05-25-2
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-2 - macOS Big Sur 11.4 addresses buffer overflow, bypass, code execution, cross site scripting, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-21779, CVE-2021-23841, CVE-2021-30668, CVE-2021-30669, CVE-2021-30671, CVE-2021-30673, CVE-2021-30676, CVE-2021-30677, CVE-2021-30678, CVE-2021-30679, CVE-2021-30680, CVE-2021-30681, CVE-2021-30682, CVE-2021-30683, CVE-2021-30684, CVE-2021-30685
SHA-256 | b7bacb029f8caaf126c79185f04a21c9db5d08fb8a900666c62f076ff293a421
Apple Security Advisory 2021-05-25-7
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-7 - tvOS 14.6 addresses buffer overflow, code execution, cross site scripting, denial of service, integer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple
advisories | CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30677, CVE-2021-30682, CVE-2021-30685, CVE-2021-30686, CVE-2021-30687, CVE-2021-30689, CVE-2021-30697, CVE-2021-30700, CVE-2021-30701, CVE-2021-30704, CVE-2021-30705, CVE-2021-30707, CVE-2021-30710, CVE-2021-30715, CVE-2021-30720, CVE-2021-30724, CVE-2021-30727, CVE-2021-30734, CVE-2021-30736, CVE-2021-30737, CVE-2021-30740, CVE-2021-30744, CVE-2021-30749
SHA-256 | 6b67770482452432db54af4fb639291beaebdb13d5e2b7ae9a7eda93e3bac1cd
Apple Security Advisory 2021-05-25-5
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-5 - Safari 14.1.1 addresses code execution, cross site scripting, denial of service, integer overflow, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple
advisories | CVE-2021-21779, CVE-2021-23841, CVE-2021-30663, CVE-2021-30682, CVE-2021-30689, CVE-2021-30698, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749
SHA-256 | 3d0b1ff9f9087dd22ccc46998ca1a15f487dcd05f2741f6bb0b94f8700702959
Apple Security Advisory 2021-05-25-1
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-1 - iOS 14.6 and iPadOS 14.6 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, null pointer, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2021-21779, CVE-2021-23841, CVE-2021-30667, CVE-2021-30674, CVE-2021-30677, CVE-2021-30681, CVE-2021-30682, CVE-2021-30685, CVE-2021-30686, CVE-2021-30687, CVE-2021-30689, CVE-2021-30691, CVE-2021-30692, CVE-2021-30693, CVE-2021-30694, CVE-2021-30695, CVE-2021-30697, CVE-2021-30698, CVE-2021-30699, CVE-2021-30700, CVE-2021-30701, CVE-2021-30704, CVE-2021-30705, CVE-2021-30707, CVE-2021-30708, CVE-2021-30709
SHA-256 | a1a282793028ec06e5f187d3b8d87c8c66f3eec9577f0d3ba5404d89d30ba9e0
Apple Security Advisory 2021-05-25-8
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-8 - Boot Camp 6.1.14* addresses a memory corruption vulnerability.

tags | advisory
systems | apple
advisories | CVE-2021-30675
SHA-256 | 2d6182e0fb300bfa3438190b3e0dec62383acb53f48b65342d40f43ab4dc8c77
Apple Security Advisory 2021-05-25-3
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-3 - Security Update 2021-004 Mojave addresses bypass, code execution, denial of service, heap corruption, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-1883, CVE-2021-1884, CVE-2021-30669, CVE-2021-30676, CVE-2021-30678, CVE-2021-30679, CVE-2021-30681, CVE-2021-30683, CVE-2021-30687, CVE-2021-30690, CVE-2021-30691, CVE-2021-30692, CVE-2021-30693, CVE-2021-30694, CVE-2021-30695, CVE-2021-30697
SHA-256 | 776008bfbdb46c0bcd65cacb835a4914ca1905855f39711dfc2b2c16dd497aa5
Apple Security Advisory 2021-05-25-4
Posted May 26, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-25-4 - Security Update 2021-003 Catalina addresses bypass, code execution, denial of service, heap corruption, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-1883, CVE-2021-1884, CVE-2021-30669, CVE-2021-30671, CVE-2021-30673, CVE-2021-30676, CVE-2021-30678, CVE-2021-30679, CVE-2021-30681, CVE-2021-30683, CVE-2021-30684, CVE-2021-30685, CVE-2021-30687, CVE-2021-30691, CVE-2021-30692, CVE-2021-30693
SHA-256 | 9524a5dad710311e201032f67e048422d6a0e4bebce049e523c4d25baffbb535
Ubuntu Security Notice USN-4967-1
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
SHA-256 | 0f814519864a2c1f00e089303aebba070126d095871ca25d8c1a1514b228d000
Gentoo Linux Security Advisory 202105-37
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-37 - A vulnerability in Nextcloud Desktop Client could allow a remote attacker to execute arbitrary commands. Versions less than 3.1.3 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2021-22879
SHA-256 | b152488d796e5fc2713054994c35b5fab00df97783c99fa4f788739f5fb6348b
Gentoo Linux Security Advisory 202105-36
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-36 - Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Versions less than 7.77.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901
SHA-256 | 27d653e9c404fce8a51dc5b8eb56846b8d6b8bc2c806dad855056460e4cd9d0d
Red Hat Security Advisory 2021-2119-01
Posted May 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2119-01 - An update for tripleo-ansible is now available for Red Hat OpenStack Platform 16.1 (Train). It addresses an issue where the ansible.log file is visible to unprivileged users.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31918
SHA-256 | 4c1f0f5af2ff1bf54d5a0ecacd6cacae52354736bf520cc6bcbb4403243e1ebe
i-doit 1.15.2 Cross Site Scripting
Posted May 26, 2021
Authored by nu11secur1ty

i-doit version 1.15.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-3151
SHA-256 | 09bd54a79a7ea10a4acbf9651b08d12b5e851f8d241bfd83921b1cd5c24df50a
Red Hat Security Advisory 2021-2116-01
Posted May 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2116-01 - A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Issues addressed include crlf injection and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-11078, CVE-2021-21240
SHA-256 | 7eeaefaee72148562bb4d3175050940306bca66918bb6c30a908a5c2c7253ce6
VMware Security Advisory 2021-0010
Posted May 26, 2021
Authored by VMware | Site vmware.com

VMware Security Advisory 2021-0010 - VMware vCenter Server updates address remote code execution and authentication vulnerabilities.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2021-21985, CVE-2021-21986
SHA-256 | 9473c522fcfc58e375d2311352f05cc6387a78f24adb7026fa22312412e8647c
Gentoo Linux Security Advisory 202105-35
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-35 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to execute arbitrary code. Versions less than 8.5_p1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14145, CVE-2021-28041
SHA-256 | 413dc6d65484348ed8a8bc7d9dc7836eed4d1ab01a507465800675315b632f77
Gentoo Linux Security Advisory 202105-34
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-34 - A vulnerability in Bash may allow users to escalate privileges. Versions less than 5.0_p11-r1 are affected.

tags | advisory, bash
systems | linux, gentoo
advisories | CVE-2019-18276
SHA-256 | d14b7a6c79dcafc423e08f9754342a9daaccb7c5435a66a2f26302075f56dfe8
Gentoo Linux Security Advisory 202105-33
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-33 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions less than 1.4.4 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15257, CVE-2021-21334
SHA-256 | 464048d530e7c8af9bee99459ab4f508fe39be7c1ab8c788da356d06da5b1652
Gentoo Linux Security Advisory 202105-32
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-32 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in information disclosure. Versions less than 13.2 are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2021-20229, CVE-2021-3393
SHA-256 | cc32b4339b5e18669d87f1bda3ed4c5784dfb313e6f4b605d313817028ddbe72
Zen Cart 1.5.7 Cross Site Scripting
Posted May 26, 2021
Authored by Daniel Bishtawi | Site netsparker.com

Zen Cart version 1.5.7 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 2681ae1f35fedcb388a8127b7e11ceccfd037b1d041073d1a4dbe7af5b4ac6ad
Gentoo Linux Security Advisory 202105-31
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-31 - A vulnerability in Nettle could lead to a Denial of Service condition. Versions less than 3.7.2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2021-20305
SHA-256 | ba28dbe13dea6d4eb34e3b66c850cd358b6711db040d6dfd806ce56b9fe17d07
Gentoo Linux Security Advisory 202105-30
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-30 - Multiple vulnerabilities have been found in MuPDF, the worst of which could result in a Denial of Service condition. Versions less than 1.18.0-r3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-26519, CVE-2021-3407
SHA-256 | 5c1001ccaa956ed2c4f2d659e31477222d1e8e311e49584a08e700131d59756f