This vulnerability allows remote malicious users to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the "bind" user.
Vulnerable Product |
---|
debian debian linux 9.0 |
debian debian linux 10.0 |
isc bind 9.11.7 |
isc bind 9.11.3 |
isc bind 9.11.6 |
isc bind 9.10.5 |
isc bind 9.11.5 |
isc bind 9.9.3 |
isc bind 9.10.7 |
isc bind 9.11.12 |
isc bind |
isc bind 9.9.12 |
isc bind 9.9.13 |
isc bind 9.11.8 |
isc bind 9.11.21 |
isc bind 9.11.27 |
isc bind 9.11.29 |
isc bind 9.16.8 |
isc bind 9.16.11 |
isc bind 9.16.13 |
siemens sinec infrastructure network services |
netapp cloud backup - |
netapp active iq unified manager - |
netapp aff_a250_firmware - |
netapp aff_500f_firmware - |
netapp h300s_firmware - |
netapp h500s_firmware - |
netapp h700s_firmware - |
netapp h300e_firmware - |
netapp h500e_firmware - |
netapp h700e_firmware - |
netapp h410s_firmware - |
Plus: Micro-op CPU caches abused to leak data, and more
In Brief Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear. WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content – a bad webpage can take over the browser, in other words. "Apple is aware of a report that this issue may have been actively exploited," it said in its advisory. Specifically, there are two bugs: memory corruption flaw CVE-2021-30665, which wa...