2871 matches found

OSV
added 2024/02/23 3:15 p.m., 7 views

AZL-35048 CVE-2024-25629 affecting package nodejs for versions less than 20.14.0-1

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00349
Exploits: 0, References: 1
OSV
added 2024/02/23 3:15 p.m., 4 views

AZL-35132 CVE-2024-25629 affecting package python-gevent for versions less than 23.9.1-4

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00349
Exploits: 0, References: 1
OSV
added 2024/02/23 3:15 p.m., 6 views

AZL-34455 CVE-2024-25629 affecting package fluent-bit for versions less than 2.2.3-1

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00349
Exploits: 0, References: 1
OSV
added 2024/02/23 3:15 p.m., 5 views

AZL-34453 CVE-2024-25629 affecting package c-ares for versions less than 1.19.1-2

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 7, EPSS 0.00349
Exploits: 0, References: 1
Prion
added 2024/02/23 3:15 p.m., 20 views

Design/Logic Flaw

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 1.4, AI score 7.1, EPSS 0.00349
Exploits: 0, References: 2
OSV
added 2024/02/23 3:15 p.m., 1 view

UBUNTU-CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00349
Exploits: 0, References: 4
OSV
added 2024/02/23 2:52 p.m., 36 views

CVE-2024-25629 c-ares out of bounds read in ares__read_line()

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 4.4, AI score 6.6, EPSS 0.00349
Exploits: 0, References: 7
Debian CVE
added 2024/02/23 2:52 p.m., 23 views

CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00349
Exploits: 0
AlpineLinux
added 2024/02/23 2:52 p.m., 44 views

CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 5.8, EPSS 0.00349
Exploits: 0
UbuntuCve
added 2024/02/23 12:00 a.m., 32 views

CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5, AI score 6.8, EPSS 0.00349
Exploits: 0, References: 3
Imperva Blog
added 2024/02/21 1:30 p.m., 32 views

Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake

Effective monitoring and anomaly detection within a data environment are crucial, particularly in today's data-driven landscape. At Imperva Threat Research, our data lake serves as the backbone for a range of critical functions, including threat hunting, risk analysis, and trend detection. However...

CVSS 10, AI score 7.9, EPSS 0.94719
Exploits: 7
NVD
added 2024/02/09 1:15 a.m., 11 views

CVE-2024-22318

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC-capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVSS 5.5, AI score 4.9, EPSS 0.00573
Exploits: 3, References: 4
Prion
added 2024/02/09 1:15 a.m., 21 views

Design/Logic Flaw

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC-capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVSS 1.7, AI score 6.3, EPSS 0.00573
Exploits: 3, References: 4, Affected Software: 1
Vulnrichment
added 2024/02/09 12:26 a.m., 10 views

CVE-2024-22318 IBM i Access Client Solutions information disclosure

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC-capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVSS 5.1, AI score 5.9, EPSS 0.00573
Exploits: 3, References: 4
IBM Security Bulletins
added 2024/02/08 5:45 p.m., 31 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to remote credential theft when NTLM is enabled on Windows workstations

Summary: IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft when NT LAN Manager (NTLM) is enabled on Windows workstations (CVE-2024-22318). Since IBM i Access Client Solutions allows Universal Naming Convention (UNC) paths in its configuration files, if a path is modified to poin...

CVSS 5.5, AI score 5.1, EPSS 0.00573
Exploits: 3, Affected Software: 1
BDU FSTEC
added 2024/02/02 12:00 a.m., 4 views

The vulnerability of the Configuration Handler component in the microprogramming software for Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC allows a perpetrator to execute arbitrary code.

The vulnerability of the Configuration Handler component in the microprogramming software for Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC relates to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code b...

CVSS 9.4, AI score 8, EPSS 0.00779
Exploits: 0, References: 5
OSV
added 2024/01/29 9:15 p.m., 4 views

CVE-2023-4553

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2...

CVSS 5.3, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 1
Prion
added 2024/01/29 9:15 p.m., 17 views

Input validation

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2...

CVSS 5, AI score 7.3, EPSS 0.00382
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2024/01/29 8:56 p.m., 58 views

CVE-2023-4553

CVE-2023-4553 affects OpenText AppBuilder (versions 21.2 through 23.2). The vulnerability is due to improper input validation, enabling probing of system files. Additionally, AppBuilder configuration files are viewable by unauthenticated users. Impact is described as low confidentiality risk (C) ...

CVSS 5.3, AI score 5.4, EPSS 0.00382
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/01/29 8:56 p.m., 31 views

CVE-2023-4553 Unauthenticated Access to AppBuilder Configuration Files

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2...

CVSS 5.3, AI score 5.7, EPSS 0.00382
Exploits: 0, References: 1