2962 matches found
OESA-2021-1225 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrit...
A security issue in nginx resolver was identified which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite resulting in worker process crash or potential other impact.
...
Oracle Linux 8 : nginx:1.16 (ELSA-2021-2290)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2290 advisory. 1.16.1-2.0.1.1 - Remove Red Hat references Orabug: 29498217 1:1.16.1-2.1 - Resolves: 1963174 - CVE-2021-23017 nginx:1.16/nginx: Off-by-one in ngxresolvercopy wh...
SUSE: Security Advisory (SUSE-SU-2021:1839-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Unbound DNS server, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Unbound DNS server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...
Oracle Linux 8 : nginx:1.18 (ELSA-2021-2259)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2259 advisory. 1.18.0-3.1.0.1 - Remove Red Hat references Orabug: 29498217 1:1.18.0-3.1 - Resolves: 1963178 - CVE-2021-23017 nginx:1.18/nginx: Off-by-one in ngxresolvercopy wh...
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...
openSUSE: Security Advisory for nginx (openSUSE-SU-2021:0835-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE
According to its Server response header, the installed version of nginx is 0.6.18 prior to 1.20.1. It is, therefore, affected by a remote code execution vulnerability. A security issue in nginx resolver was identified, which might allow an unauthenticated remote attacker to cause 1-byte memory...
SUSE-SU-2021:1839-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
ALPINE-CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
DEBIAN-CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
Memory corruption
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
CVE-2021-23017
CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...