1298 matches found
CLSA-2025-1756408700 nodejs: Fix of CVE-2024-25629
CVE-2024-25629: prevent reading before buffer start when parsing config files containing an embedded NULL as the first character of a line by discarding such lines in aresreadline...
Linux Distros Unpatched Vulnerability : CVE-2020-22217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c. CVE-2020-22217 Note that Nessus relies on t...
Linux Distros Unpatched Vulnerability : CVE-2025-48945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to...
Malicious code in ares-api-integrations (npm)
The package ares-api-integrations was found to contain malicious code...
Malicious code in ares-api-search (npm)
The package ares-api-search was found to contain malicious code...
MAL-2025-14817 Malicious code in ares-api-search (npm)
The package ares-api-search was found to contain malicious code...
MAL-2025-14816 Malicious code in ares-api-integrations (npm)
The package ares-api-integrations was found to contain malicious code...
ROOT-OS-DEBIAN-12-CVE-2024-25629 CVE-2024-25629 in rootio-c-ares - Patched by Root
Root has patched CVE-2024-25629 in the rootio-c-ares package for Root:Debian:12. Multiple fixed versions available...
Advisory ROSA-SA-2025-2913
software: c-ares 1.19.1 OS: ROSA-CHROME unaffected versions = c-ares-1.19.1-2 affected versions c-ares-1.19.1-2 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the aresreadline function of the C-ares asynchronous DNS query library is related to an operatio...
RockyLinux 8 : nodejs:20 (RLSA-2025:4461)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:4461 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 Tenable has extracted the preceding description block directly from the RockyLinux security...
RockyLinux 8 : nodejs:22 (RLSA-2025:4459)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4459 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 Tenable has extracted the preceding...
RockyLinux 9 : nodejs:22 (RLSA-2025:7433)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7433 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 Tenable has extracted the preceding...
RLSA-2025:7433 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 For more details about the...
RLSA-2025:7426 Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 For more details about the security issues, including the impact, a CVSS score,...
nodejs:22 security update
An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
RLSA-2025:4459 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 For more details about the...
RLSA-2025:4461 Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 For more details about the security issues, including the impact, a CVSS score,...
nodejs:22 security update
An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
NewStart CGSL MAIN 7.02 : c-ares Vulnerability (NS-SA-2025-0167)
The remote NewStart CGSL host, running version MAIN 7.02, has c-ares packages installed that are affected by a vulnerability: - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASE...
F5 Networks BIG-IP : c-ares vulnerability (K000149130)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000149130 advisory. The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be...