Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

44 matches found

OpenVAS
OpenVASadded 2023/09/11 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2804)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00119EPSS
Exploits0References2
OpenVAS
OpenVASadded 2023/09/11 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2749)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.00399EPSS
Exploits0References2
OpenVAS
OpenVASadded 2023/09/11 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2718)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.00399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2023/09/11 12:0 a.m.27 views

Ubuntu 16.04 ESM / 18.04 ESM : c-ares vulnerabilities (USN-6164-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6164-2 advisory. USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References3
F5 Networks
F5 Networksadded 2023/08/11 10:31 p.m.29 views

K000135831: Node.js vulnerability CVE-2023-32067

Security Advisory Description c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interpret...

7.5CVSS6.5AI score0.00399EPSS
Exploits0Affected Software15
OpenVAS
OpenVASadded 2023/08/08 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2605)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00399EPSS
Exploits0References2
OpenVAS
OpenVASadded 2023/08/08 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2575)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2023/08/08 12:0 a.m.19 views

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2023-2575)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...

7.5CVSS6.4AI score0.00399EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2023/08/08 12:0 a.m.28 views

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2023-2605)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...

7.5CVSS6.4AI score0.00399EPSS
Exploits0References5
OpenVAS
OpenVASadded 2023/08/03 12:0 a.m.14 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2536)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.00399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2023/06/27 12:0 a.m.18 views

Debian dla-3471 : libc-ares-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3471 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3471-1 [email protected]...

7.5CVSS6.8AI score0.00399EPSS
Exploits0References6
Tenable Nessus
Tenable Nessusadded 2023/06/25 12:0 a.m.32 views

Rocky Linux 9 : nodejs:18 (RLSA-2023:3577)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3577 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References9
Tenable Nessus
Tenable Nessusadded 2023/06/14 12:0 a.m.22 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : c-ares vulnerabilities (USN-6164-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6164-1 advisory. Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares to...

7.5CVSS7AI score0.00399EPSS
Exploits0References3
NVD
NVDadded 2023/05/25 11:15 p.m.16 views

CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS7.4AI score0.00399EPSS
Exploits0References8
Debian CVE
Debian CVEadded 2023/05/25 10:49 p.m.33 views

CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS6.2AI score0.00399EPSS
Exploits0
OSV
OSVadded 2023/05/25 10:49 p.m.30 views

CVE-2023-32067 0-byte UDP payload DoS in c-ares

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS6.6AI score0.00399EPSS
Exploits0References10
NVD
NVDadded 2023/05/25 10:15 p.m.15 views

CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS5.5AI score0.00096EPSS
Exploits0References5
Prion
Prionadded 2023/05/25 10:15 p.m.22 views

Cross site scripting

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

2.6CVSS5.2AI score0.00096EPSS
Exploits0References5Affected Software2
CVE
CVEadded 2023/05/25 9:55 p.m.472 views

CVE-2023-31147

CVE-2023-31147 affects the c-ares library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares used rand() to generate DNS query IDs, which is not a CSPRNG and was not seeded by srand(), leading to predictable values. The RNG input fed into a non-compliant RC4 implementation could weaken ...

6.5CVSS6.9AI score0.00119EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2023/05/25 9:45 p.m.16 views

CVE-2023-31130 Buffer Underwrite in ares_inet_net_pton()

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

4.1CVSS7.3AI score0.00014EPSS
Exploits0References8
Rows per page
Query Builder