38 matches found
F5 Networks BIG-IP : c-ares vulnerability (K000149130)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000149130 advisory. The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be...
Linux Distros Unpatched Vulnerability : CVE-2017-1000381
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the...
K000149130: c-ares vulnerability CVE-2017-1000381
Security Advisory Description The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Impact An authenticated...
Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...
BELL-CVE-2017-1000381 CVE-2017-1000381 does not affect BellSoft software
Bulletin has no description...
Mageia: Security Advisory (MGASA-2019-0277)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2168-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1792-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2020-1480)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Integration Bus is affected by Node.js security vulnerability ( CVE-2017-1000381 and CVE-2017-11499 )
Summary IBM Integration Bus has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the aresparsenaptrreply function when parsing NAPTR responses...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2019-1805)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization for ARM 64 3.0.2.0 : c-ares (EulerOS-SA-2019-1950)
According to the versions of the c-ares package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot such as 'hello.' would have its size...
EulerOS 2.0 SP5 : c-ares (EulerOS-SA-2019-1805)
According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot such as 'hello.' would have its size calculated incorrectly, leadin...
SUSE SLES12 Security Update : nodejs4, nodejs6 (SUSE-SU-2017:2168-1)
This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed : - CVE-2017-1000381: The c-ares function aresparsenaptrreply could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. bsc1044946 ...
Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™
Summary Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-11499 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw relate...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix
Summary Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499)
Summary IBM API Connect has addressed Node.js vulnerabilities involving access to sensitive information and potential denial of service. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remot...
openSUSE Security Update : nodejs4 / nodejs6 (openSUSE-2017-948)
This update for nodejs4 and nodejs6 fixes the following issues : Security issues fixed : - CVE-2017-1000381: The c-ares function aresparsenaptrreply could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. bsc1044946...