Advisory ROSA-SA-2025-3106
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the ares_parse_soa_reply function of the c-ares asynchronous DNS query library is related to an operation exceeding...
CLSA-2025-1751142388 grafana: Fix of CVE-2022-31130
CVE-2022-31130: fix potential leak of authentication tokens to plugins...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cooki...
CVE-2025-31130 vulnerabilities
Vulnerabilities for packages: cargo-c, helix, starship...
Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. ares_inet_net_pton is vulnerable to a...
CVE-2023-31130 affecting package grpc for versions less than 1.42.0-11
CVE-2023-31130 affecting package grpc for versions less than 1.42.0-11. A patched version of the package is available...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2025-31130 via gitoxide-core (>=0.10.5 <=0.3.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2025-31130 Source advisory: OSV:GHSA-2FRX-2596-X5R6...
CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
CVE-2025-31130 gitoxide does not detect SHA-1 collision attacks
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
CVE-2025-31130
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-04 03:06:14+00:00 | published-proof-of-concept | https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-2frx-2596-x5r6 |
| 2025-04-04 15:37:01+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10475 |
| 2025-04-04... | | |
gix-fs (>=0.1.0 <=0.9.1), gix-lock (>=5.0.0 <=12.0.1) +1 more potentially affected by CVE-2025-31130 via gix-features (>=0.29.0 <=0.37.2)
gix-features CARGO version =0.29.0, =0.1.0, =5.0.0, =5.0.3, =12.0.1 Source cves: CVE-2025-31130 Source advisory: OSV:RUSTSEC-2025-0021...
Linux Distros Unpatched Vulnerability : CVE-2022-31130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication...
CVE-2023-31130
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-16 18:56:19+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2008... |
Photon OS 5.0: Python3 PHSA-2023-5.0-0084
An update of the python3 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0084. The text itself is copyright (C) VMware, Inc...
CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. ares_inet_net_pton is vulnerable to a...
GHSA-JV32-5578-PXJC Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Today we are releasing Grafana 9.2. Along with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Today we are releasing Grafana 9.2. Along with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
CVE-2023-31130 affecting package python-gevent for versions less than 21.1.2-3
CVE-2023-31130 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is available...
openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CentOS 9 : nodejs-16.20.1-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.20.1-1.el9 build changelog. - The use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json...