var-202106-1921
Vulnerability from variot
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-38
https://security.gentoo.org/
Severity: High Title: nginx: Remote code execution Date: May 26, 2021 Bugs: #792087 ID: 202105-38
Synopsis
A vulnerability in nginx could lead to remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.21.0 >= 1.20.1:0 >= 1.21.0:mainline
Description
It was discovered that nginx did not properly handle DNS responses when "resolver" directive is used.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1"
All nginx mainline users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-servers/nginx-1.21.0:mainline"
References
[ 1 ] CVE-2021-23017 https://nvd.nist.gov/vuln/detail/CVE-2021-23017
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-38
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx118-nginx security update Advisory ID: RHSA-2021:2258-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2258 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 =====================================================================
- Summary:
An update for rh-nginx118-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx118-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm
ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm
s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm
x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm
ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm
s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm
x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm
x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6 RrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD 1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy clLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6 Y3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2 skkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi KTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK fBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2 pIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h MEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5 hsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9 jVrMgzAG88I= =av6T -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.3.3 General Availability release images, which fix bugs, provide security fixes, and update container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Note: Because Red Hat OpenShift Container Platform version 4.9 was just released, the functional testing of the compatibility between Red Hat Advanced Cluster Management 2.3.3 and Red Hat OpenShift Container Platform version 4.9 is still in progress.
Security fixes:
-
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
-
redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
-
redis: Integer overflow issue with Streams (CVE-2021-32627)
-
redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)
-
redis: Integer overflow issue with intsets (CVE-2021-32687)
-
redis: Integer overflow issue with strings (CVE-2021-41099)
-
redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)
-
redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)
-
helm: information disclosure vulnerability (CVE-2021-32690)
Bug fixes:
-
KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358)
-
Add columns to the Agent CRD list (BZ# 1977398)
-
ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081)
-
RHACM 2.3.3 images (BZ# 1999365)
-
Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294)
-
create cluster page empty in Safary Browser (BZ# 2002280)
-
Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667)
-
Overview page displays VMware based managed cluster as other (BZ# 2004188)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq
Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095
Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1921", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "openresty", "scope": "lt", "trust": 1.0, "vendor": "openresty", "version": "1.19.3.2" }, { "model": "goldengate", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.4.0.0.0" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "communications fraud monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "communications fraud monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.20.1" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.3.0" }, { "model": "enterprise session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "enterprise session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "oracle communications operations monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "oracle enterprise telephony fraud monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications control plane monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "openresty", "scope": null, "trust": 0.8, "vendor": "openresty", "version": null }, { "model": "oracle communications fraud monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.20.1", "versionStartIncluding": "0.6.18", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.19.3.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.4", "versionStartIncluding": "3.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.4.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-23017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" } ], "trust": 0.6 }, "cve": "CVE-2021-23017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-23017", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381503", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.5, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 9.4, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-23017", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-23017", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-23017", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202105-1581", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381503", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-38\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Remote code execution\n Date: May 26, 2021\n Bugs: #792087\n ID: 202105-38\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in nginx could lead to remote code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.21.0 \u003e= 1.20.1:0\n \u003e= 1.21.0:mainline\n\nDescription\n===========\n\nIt was discovered that nginx did not properly handle DNS responses when\n\"resolver\" directive is used. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.20.1\"\n\nAll nginx mainline users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-servers/nginx-1.21.0:mainline\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-23017\n https://nvd.nist.gov/vuln/detail/CVE-2021-23017\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-38\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx118-nginx security update\nAdvisory ID: RHSA-2021:2258-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2258\nIssue date: 2021-06-07\nCVE Names: CVE-2021-23017 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx118-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx118-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx118-nginx-1.18.0-3.el7.src.rpm\n\nppc64le:\nrh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm\n\ns390x:\nrh-nginx118-nginx-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm\n\nx86_64:\nrh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx118-nginx-1.18.0-3.el7.src.rpm\n\nppc64le:\nrh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm\n\ns390x:\nrh-nginx118-nginx-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm\n\nx86_64:\nrh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx118-nginx-1.18.0-3.el7.src.rpm\n\nx86_64:\nrh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23017\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6\nRrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD\n1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy\nclLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6\nY3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2\nskkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi\nKTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK\nfBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2\npIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h\nMEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5\nhsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9\njVrMgzAG88I=\n=av6T\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.3 General\nAvailability release images, which fix bugs, provide security fixes, and\nupdate container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with\nsecurity policy built in. See the following Release Notes documentation, which will be\nupdated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nNote: Because Red Hat OpenShift Container Platform version 4.9 was just\nreleased, the functional testing of the compatibility between Red Hat\nAdvanced Cluster Management 2.3.3 and Red Hat OpenShift Container Platform\nversion 4.9 is still in progress. \n\nSecurity fixes: \n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure\n(CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Out of bounds read in lua debugger protocol parser\n(CVE-2021-32672)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request\n(CVE-2021-32675)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\nBug fixes:\n\n* KUBE-API: Support move agent to different cluster in the same namespace\n(BZ# 1977358)\n\n* Add columns to the Agent CRD list (BZ# 1977398)\n\n* ClusterDeployment controller watches all Secrets from all namespaces (BZ#\n1986081)\n\n* RHACM 2.3.3 images (BZ# 1999365)\n\n* Workaround for Network Manager not supporting nmconnections priority (BZ#\n2001294)\n\n* create cluster page empty in Safary Browser (BZ# 2002280)\n\n* Compliance state doesn\u0027t get updated after fixing the issue causing\ninitially the policy not being able to update the managed object (BZ#\n2002667)\n\n* Overview page displays VMware based managed cluster as other (BZ#\n2004188)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace\n1977398 - [4.8.0] [master] Add columns to the Agent CRD list\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces\n1999365 - RHACM 2.3.3 images\n2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority\n2002280 - create cluster page empty in Safary Browser\n2002667 - Compliance state doesn\u0027t get updated after fixing the issue causing initially the policy not being able to update the managed object\n2004188 - Overview page displays VMware based managed cluster as other\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4921-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 28, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2021-23017\nDebian Bug : 989095\n\nLuis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one\nin Nginx, a high-performance web and reverse proxy server, which could\nresult in denial of service and potentially the execution of arbitrary\ncode. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.14.2-2+deb10u4. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8\nTjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND\nwWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS\nu1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk\nN5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh\niQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV\n8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17\nueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW\n4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u\n8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4\nCFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf\nlhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4=\n=qxQw\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2021-23017" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "VULHUB", "id": "VHN-381503" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-381503", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-23017", "trust": 4.1 }, { "db": "PACKETSTORM", "id": "167720", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "163013", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162835", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164948", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-007625", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162830", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165782", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162851", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163003", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "50973", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164523", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164562", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164282", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052543", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092811", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071833", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052901", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021100722", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012302", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052713", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060719", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060948", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061520", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012747", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021062209", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3878", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1850", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3485", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1936", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1802", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3430", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1861", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1817", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2027", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1973", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022070032", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-1581", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "162992", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162986", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162819", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-381503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169062", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "id": "VAR-202106-1921", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381503" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:25:59.461000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021 Oracle\u00a0Critical\u00a0Patch\u00a0Update", "trust": 0.8, "url": "https://support.f5.com/csp/article/k12331123" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154683" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-193", "trust": 1.1 }, { "problemtype": "Boundary condition judgment (CWE-193) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20210708-0006/" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k12331123%2c" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-23017" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k12331123" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052713" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163003/red-hat-security-advisory-2021-2278-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/nginx-buffer-overflow-via-dns-server-response-35526" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6492205" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1802" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162851/ubuntu-security-notice-usn-4967-2.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060719" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3211" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021100722" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3430" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022070032" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2027" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1850" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6483657" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162835/gentoo-linux-security-advisory-202105-38.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052901" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071833" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052543" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060948" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1817" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3878" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021062209" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1973" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1936" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/50973" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012302" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163013/red-hat-security-advisory-2021-2290-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092811" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3485" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061520" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1861" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525030" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012747" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162830/nginx-1.20.0-dns-resolver-off-by-one-heap-write.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165782/red-hat-security-advisory-2022-0323-02.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060212" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32626" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32687" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22922" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22924" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32675" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-41099" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32627" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22923" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32628" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3653" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3656" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32690" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k12331123," }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202105-38" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2258" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2259" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2290" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25741" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3925" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25741" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36385" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32804" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3711" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-01T00:00:00", "db": "VULHUB", "id": "VHN-381503" }, { "date": "2022-02-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "date": "2021-05-27T13:28:42", "db": "PACKETSTORM", "id": "162835" }, { "date": "2021-06-07T13:45:14", "db": "PACKETSTORM", "id": "162986" }, { "date": "2021-06-07T13:50:43", "db": "PACKETSTORM", "id": "162992" }, { "date": "2021-06-08T14:13:55", "db": "PACKETSTORM", "id": "163013" }, { "date": "2021-10-15T15:06:44", "db": "PACKETSTORM", "id": "164523" }, { "date": "2021-10-20T15:45:47", "db": "PACKETSTORM", "id": "164562" }, { "date": "2021-11-12T17:01:04", "db": "PACKETSTORM", "id": "164948" }, { "date": "2021-05-28T19:12:00", "db": "PACKETSTORM", "id": "169062" }, { "date": "2021-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "date": "2021-06-01T13:15:07.853000", "db": "NVD", "id": "CVE-2021-23017" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-14T00:00:00", "db": "VULHUB", "id": "VHN-381503" }, { "date": "2022-02-18T01:21:00", "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "date": "2022-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "date": "2023-11-07T03:30:29.880000", "db": "NVD", "id": "CVE-2021-23017" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "162835" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx\u00a0 Vulnerability in determining boundary conditions in resolver", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007625" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1581" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.