Lucene search

2871 matches found

Amazon
added 2024/03/21 12:0 a.m. · 4 views

Medium: nodejs20

Issue Overview: c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...

CVSS 5.5 · AI score 6.6 · EPSS 0.00349
Exploits 0

Tenable Nessus
added 2024/03/21 12:0 a.m. · 21 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-562)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-562 advisory. c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares...

CVSS 5.5 · AI score 7.2 · EPSS 0.00349
Exploits 0 · References 4

Tenable Nessus
added 2024/03/18 12:0 a.m. · 30 views

Amazon Linux 2 : c-ares (ALAS-2024-2494)

The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2494 advisory. c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as...

CVSS 5.5 · AI score 7.3 · EPSS 0.00349
Exploits 0 · References 4

NVD
added 2024/03/06 7:15 p.m. · 17 views

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

CVSS 8.7 · AI score 6.7 · EPSS 0.00676
Exploits 0 · References 2

Prion
added 2024/03/06 7:15 p.m. · 27 views

Cross site scripting

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

CVSS 4.7 · AI score 5.8 · EPSS 0.00676
Exploits 0 · References 2

OSV
added 2024/03/06 6:19 p.m. · 32 views

CVE-2024-27287 ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

CVSS 6.5 · AI score 5.8 · EPSS 0.00676
Exploits 0 · References 4

OSV
added 2024/03/06 11:1 a.m. · 30 views

BIT-GRAFANA-2020-12459

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml which contain a secret_key and a bind_password are world readable...

CVSS 5.5 · AI score 6 · EPSS 0.00318
Exploits 0 · References 8

OSV
added 2024/03/06 10:59 a.m. · 12 views

BIT-ODOO-2021-44476

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files...

CVSS 7.1 · AI score 6.5 · EPSS 0.00481
Exploits 0 · References 3

Ubuntu
added 2024/03/06 9:38 a.m. · 387 views

USN-6676-1: c-ares vulnerability

Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash...

CVSS 5.5 · AI score 6.6 · EPSS 0.00349
Exploits 0

Positive Technologies
added 2024/03/06 12:0 a.m. · 3 views

PT-2024-21795 · Esphome · Esphome

Name of the Vulnerable Software and Affected Versions: ESPHome versions 2023.12.9 through 2024.2.2 Description: The issue allows a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. A malicious authenticated user can inject arbitrary...

CVSS 6.5 · AI score 6.3 · EPSS 0.00676
Exploits 0 · References 7

NVD
added 2024/03/05 12:15 p.m. · 17 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2...

CVSS 5.3 · AI score 5.3 · EPSS 0.00487
Exploits 0 · References 1

CVE
added 2024/03/05 11:31 a.m. · 51 views

CVE-2023-45596

The CVE-2023-45596 issue affects AiLux imx6 bundle prior to version imx6_1.0.7-2. A CWE-425 Direct Request/Forced Browsing vulnerability in the web app’s file_configuration functionality allows remote unauthenticated access to confidential configuration files. Root cause: missing/weak authorizati...

CVSS 5.3 · AI score 5.3 · EPSS 0.00487
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/03/05 11:31 a.m. · 11 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2...

CVSS 5.3 · AI score 5.3 · EPSS 0.00487
Exploits 0 · References 1

CNNVD
added 2024/03/05 12:0 a.m. · 4 views

AiLux imx6 Security Vulnerability

AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx6_1.0.7-2 that stems from a lack of authorization and allows an unauthenticated, remote attacker to access confidential configuration files...

CVSS 5.3 · AI score 6.8 · EPSS 0.00487
Exploits 0 · References 2

CNNVD
added 2024/03/03 12:0 a.m. · 3 views

LangChain Security Breach

LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain 0.1.10 and earlier versions that stems from a URI traversal vulnerability when loading configuration files...

CVSS 8.1 · AI score 6.8 · EPSS 0.0174
Exploits 1 · References 5

Positive Technologies
added 2024/02/26 12:0 a.m. · 5 views

PT-2024-21634 · Esphome · Esphome

Name of the Vulnerable Software and Affected Versions: ESPHome versions 2023.12.9 through 2024.2.0 Description: A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome allows authenticated remote attackers to read and write arbitrary files under the...

CVSS 8.8 · AI score 7.7 · EPSS 0.01535
Exploits 1 · References 11

SUSE CVE
added 2024/02/24 3:16 a.m. · 2 views

SUSE CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 4.4 · AI score 8.2 · EPSS 0.00349
Exploits 0 · References 6

Tenable Nessus
added 2024/02/24 12:0 a.m. · 19 views

FreeBSD : dns/c-ares -- malformatted file causes application crash (255bf44c-d298-11ee-9c27-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 255bf44c-d298-11ee-9c27-40b034429ecf advisory. - c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuratio...

CVSS 5.5 · AI score 7.2 · EPSS 0.00349
Exploits 0 · References 3

RedhatCVE
added 2024/02/23 7:31 p.m. · 37 views

CVE-2024-25629

A vulnerability was found in c-ares where the ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...

CVSS 4.4 · AI score 5.3 · EPSS 0.00349
Exploits 0 · References 4

OSV
added 2024/02/23 3:15 p.m. · 4 views

AZL-38126 CVE-2024-25629 affecting package ceph for versions less than 18.2.2-1

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits 0 · References 1