
2963 matches found

Veracode
added 2021/09/08 6:45 p.m., 18 views

Denial Of Service

knot-resolver is vulnerable to denial of service. The vulnerability exists due to an assertion failure...

CVSS 7.5, AI score 2.6, EPSS 0.01421
Exploits 0, References 2, Affected Software 1

Redos
added 2021/09/08 12:0 a.m., 5 views

ROS-2-2170

2.2170 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 9.8, AI score 10, EPSS 0.52838
Exploits 10

Redos
added 2021/09/08 12:0 a.m., 8 views

ROS-2-2151

2.2151 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 8.1, AI score 8.5, EPSS 0.52838
Exploits 11

Redos
added 2021/09/08 12:0 a.m., 6 views

ROS-2-2202

2.2202 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.7, AI score 9.9, EPSS 0.52838
Exploits 10

Redos
added 2021/09/08 12:0 a.m., 6 views

ROS-2-2139

2.2139 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.7, AI score 8.5, EPSS 0.52838
Exploits 10

RedHat Linux
added 2021/09/07 8:38 a.m., 0 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

CVSS 7.5, AI score 7.2, EPSS 0.03204
Exploits 1, References 5

Tenable Nessus
added 2021/09/07 12:0 a.m., 72 views

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2021-2340)

According to the version of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byt...

CVSS 7.7, AI score 7.8, EPSS 0.52838
Exploits 10, References 2

vulnersOsv
added 2021/09/02 5:10 p.m., 0 views

7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +3385 more potentially affected by CVE-2021-23406 via pac-resolver (>=1.2.6 <=4.2.0)

pac-resolver NPM version =1.2.6, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =0.0.1, =1.6.1, =0.0.1, =1.4.1, =0.2.2, =0.2.2, =0.0.1, =0.1.2 - @adaptcharm/email =1.1.1 and more Source cves: CVE-2021-23406 Source advisory: OSV:GHSA-9J49-MFVP-VMHM...

CVSS 9.8, AI score 8, EPSS 0.02863
Exploits 1

Github Security Blog
added 2021/09/02 5:10 p.m., 47 views

Code Injection in pac-resolver

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

CVSS 9.8, AI score 2.4, EPSS 0.02863
Exploits 1, References 7, Affected Software 2

OSV
added 2021/09/02 5:10 p.m., 23 views

GHSA-9J49-MFVP-VMHM Code Injection in pac-resolver

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

CVSS 8.1, AI score 9.3, EPSS 0.02863
Exploits 1, References 7

OSV
added 2021/09/01 12:0 a.m., 27 views

ASB-A-177457096

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 7.8, EPSS 0.00198
Exploits 0, References 3

Fedora
added 2021/08/29 6:49 p.m., 11 views

[SECURITY] Fedora 33 Update: bind-9.11.35-1.fc33

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

AI score 1.4
Exploits 0

RedhatCVE
added 2021/08/26 5:0 p.m., 40 views

CVE-2021-23406

A flaw was found in nodejs-pac-resolver. A remote code execution can occur with untrusted input, due to unsafe PAC file handling. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8, AI score 3.1, EPSS 0.02863
Exploits 1, References 6

OSV
added 2021/08/25 1:15 a.m., 3 views

DEBIAN-CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

CVSS 7.5, AI score 7.5, EPSS 0.01421
Exploits 0, References 1

OSV
added 2021/08/25 1:15 a.m., 16 views

CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

CVSS 7.5, AI score 6.9
Exploits 0, References 1

NVD
added 2021/08/25 1:15 a.m., 11 views

CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

CVSS 7.5, EPSS 0.01421
Exploits 0, References 1

Prion
added 2021/08/25 1:15 a.m., 17 views

Design/Logic Flaw

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

CVSS 5, AI score 7.5, EPSS 0.01421
Exploits 0, References 1, Affected Software 1

OSV
added 2021/08/25 1:15 a.m., 1 views

UBUNTU-CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

CVSS 7.5, AI score 7.1, EPSS 0.01421
Exploits 0, References 3

CVE
added 2021/08/25 12:21 a.m., 64 views

CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure that can be triggered remotely in a specific edge case: NSEC3 with too many iterations used for a positive wildcard proof. The vulnerability is documented across multiple sources in this CVE, confirming the affected software (Knot Resolv...

CVSS 7.5, AI score 7.4, EPSS 0.01421
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/08/25 12:21 a.m., 18 views

CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

AI score 7.7, EPSS 0.01421
Exploits 0, References 1