Lucene search
K

47 matches found

RedHat Linux
RedHat Linux
added 2023/07/12 8:17 a.m.37 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/07/12 8:17 a.m.5 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2023/07/12 12:0 a.m.51 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

7.5CVSS8.5AI score0.01577EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2023/06/14 8:43 a.m.4 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/14 7:33 a.m.38 views

Important: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/14 7:33 a.m.9 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/06/14 12:0 a.m.30 views

RHEL 9 : nodejs (RHSA-2023:3586)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3586 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/06/14 12:0 a.m.29 views

RHEL 9 : nodejs:18 (RHSA-2023:3577)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3577 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References10
Microsoft CVE
Microsoft CVE
added 2023/06/03 7:0 a.m.4 views

AutoTools does not set CARES_RANDOM_FILE during cross compilation

...

3.7CVSS6.4AI score0.00936EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/05/31 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2023:2313-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01577EPSS
Exploits0References7
OSV
OSV
added 2023/05/25 10:15 p.m.2 views

DEBIAN-CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6.2AI score0.00936EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 10:15 p.m.22 views

CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS5.5AI score0.00936EPSS
Exploits0References5
Prion
Prion
added 2023/05/25 10:15 p.m.27 views

Cross site scripting

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

2.6CVSS5.2AI score0.00936EPSS
Exploits0References5Affected Software2
UbuntuCve
UbuntuCve
added 2023/05/25 10:15 p.m.40 views

CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6.5AI score0.00936EPSS
Exploits0References3
CVE
CVE
added 2023/05/25 9:9 p.m.479 views

CVE-2023-31124

CVE-2023-31124 concerns c-ares where cross-compiling with autotools can leave CARES_RANDOM_FILE unset, causing a fallback to rand() for DNS query ID entropy rather than a CSPRNG. The result is reduced randomness and potential predictability of DNS IDs, raising security risk under entropy-limited ...

3.7CVSS6AI score0.00936EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/05/25 9:9 p.m.31 views

CVE-2023-31124 AutoTools does not set CARES_RANDOM_FILE during cross compilation

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6AI score0.00936EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2023/05/25 12:0 a.m.38 views

Use of Insufficiently Random Values

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6.6AI score0.00936EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2023/05/24 4:11 a.m.19 views

CVE-2023-31124

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS6.4AI score0.00936EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/05/23 2:54 a.m.4 views

SUSE CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6.8AI score0.00936EPSS
Exploits0References22
Slackware Linux
Slackware Linux
added 2023/05/22 7:9 p.m.33 views

[slackware-security] c-ares

New c-ares packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/c-ares-1.19.1-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: 0-byte UDP payload causes Denial of Service...

7.5CVSS6.9AI score0.01577EPSS
Exploits0
Rows per page
Query Builder