A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 nginx |
||
openresty openresty |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
netapp ontap select deploy administration utility - |
||
oracle communications operations monitor 3.4 |
||
oracle enterprise session border controller 8.4 |
||
oracle communications operations monitor 4.2 |
||
oracle communications operations monitor 4.3 |
||
oracle communications session border controller 8.4 |
||
oracle enterprise session border controller 9.0 |
||
oracle communications session border controller 9.0 |
||
oracle enterprise communications broker 3.3.0 |
||
oracle enterprise telephony fraud monitor 4.2 |
||
oracle enterprise telephony fraud monitor 4.3 |
||
oracle enterprise telephony fraud monitor 4.4 |
||
oracle enterprise telephony fraud monitor 3.4 |
||
oracle communications operations monitor 4.4 |
||
oracle communications fraud monitor |
||
oracle communications control plane monitor 4.2 |
||
oracle communications control plane monitor 4.3 |
||
oracle communications control plane monitor 4.4 |
||
oracle communications control plane monitor 3.4 |
||
oracle goldengate |
||
oracle blockchain platform |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Hate to ruin your Friday What do you want The Register to do for you?
Juniper Networks has patched critical-rated bugs across its Junos Space, Contrail Networking and NorthStar Controller products that are serious enough to prompt CISA to weigh in and advise admins to update the software as soon as possible. "CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates," according to the Feds' warning this week. Key thing here is review: some of these flaws can be exploited to bring down equipme...