2964 matches found
UBUNTU-CVE-2021-25219
In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2599)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...
CLSA-2021-1634922789 Fixed CVE-2021-23017 in nginx
Fixed CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406
Summary IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406 Vulnerability Details CVEID: CVE-2021-23406 DESCRIPTION: Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused b...
golang: net: lookup functions may return invalid host names
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...
LinuxCatScale - Incident Response Collection And Processing Scripts With Automated Reporting Scripts
Linux CatScale is a bash script that uses living-off-the-land tools to collect extensive data from Linux-based hosts. The data aims to help DFIR professionals triage and scope incidents. An ELK Stack instance is also configured to consume the output and assist the analysis process. Usage This script...
CLSA-2021-1632261741 Fix of CVE: CVE-2021-23017
Fixed CVE-2021-23017: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name...
Code Injection
Overview In pac-resolver before 5.0.0 code-injection can occur when used with untrusted input, due to unsafe PAC file handling. Recommendation Upgrade to version 5.0.0 or later References - CVE - GitHub Advisory - Article...
The vulnerability of the avahi_s_host_name_resolver_start function in the Avahi service discovery system in local networks allows an attacker to trigger a service failure. This vulnerability is related to pointer arithmetic errors.
The vulnerability of the avahi_s_host_name_resolver_start function in the Avahi service discovery system in local networks is related to pointer arithmetic errors. Exploiting this vulnerability can allow attackers to cause service failures...
Security Bulletin: A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23406 DESCRIPTION: Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe PAC file handling. ...
CVE-2021-23034
On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical...
CVE-2021-23034
CVE-2021-23034 affects F5 BIG-IP TMM when a DNS profile using a DNS cache resolver is configured on a virtual server; undisclosed DNS requests can terminate the TMM process, causing DoS. Affected versions include BIG-IP 16.x before 16.1.0 and 15.1.x before 15.1.3.1. Public sources in connected do...
CVE-2021-23049
On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a...
CVE-2021-23049
CVE-2021-23049 affects F5 BIG-IP: memory leak in TMM caused by undisclosed requests when the iRules RESOLVER::summarize command runs on a virtual server. The issue increases TMM memory usage, potentially leading to an out-of-memory condition and DoS. Affected versions are BIG-IP 16.0.x before 16....
EulerOS 2.0 SP2 : nginx (EulerOS-SA-2021-2412)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause...