102 matches found
MiracleLinux 8 : c-ares-1.13.0-6.el8.ML.1 (AXSA:2022-3337:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3337:02 advisory. c-ares: Missing input validation of host names may lead to domain hijacking CVE-2021-3672 Tenable has extracted the preceding description block directly from...
CVE-2021-3672 affecting package ceph for versions less than 18.2.2-1
CVE-2021-3672 affecting package ceph for versions less than 18.2.2-1. A patched version of the package is available...
CVE-2021-3672 affecting package pgbouncer for versions less than 1.24.1-1
CVE-2021-3672 affecting package pgbouncer for versions less than 1.24.1-1. This CVE either no longer is or was never applicable...
CVE-2021-3672 affecting package pgbouncer 1.16.1-1
CVE-2021-3672 affecting package pgbouncer 1.16.1-1. This CVE either no longer is or was never applicable...
NewStart CGSL MAIN 6.02 : c-ares Multiple Vulnerabilities (NS-SA-2024-0066)
The remote NewStart CGSL host, running version MAIN 6.02, has c-ares packages installed that are affected by multiple vulnerabilities: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnam...
Amazon Linux 2 : c-ares (ALAS-2024-2399)
The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2399 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Serve...
BELL-CVE-2021-3672 CVE-2021-3672 does not affect BellSoft software
Bulletin has no description...
FreeBSD : py39-pycares -- domain hijacking vulnerability (43e9ffd4-d6e0-11ed-956f-7054d21a9e2a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 43e9ffd4-d6e0-11ed-956f-7054d21a9e2a advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by...
K53225395: Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931
Security Advisory Description CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers DNS in the c-ares library can lead to output of wrong hostnames which may lead to Domain Hijacking. CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote...
EulerOS Virtualization 3.0.2.2 : c-ares (EulerOS-SA-2023-1246)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...
GHSA-C58J-88F5-H53F Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Impact pycares versions 4.2.0 are affected by CVE-2021-3672. Patches Update to version 4.2.0...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Impact pycares versions 4.2.0 are affected by CVE-2021-3672. Patches Update to version 4.2.0...
Oracle Linux 8 : c-ares (ELSA-2022-2043)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2043 advisory. 1.13.0-6 - Resolves: rhbz1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking rhel-8 Tenable has extracted the...
Rocky Linux 8 : c-ares (RLSA-2022:2043)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2043 advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong...
AlmaLinux 8 : c-ares (ALSA-2022:2043)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2043 advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostname...
Moderate: Red Hat Security Advisory: c-ares security update
An update for c-ares is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RLSA-2022:2043 Moderate: c-ares security update
The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Missing input validation of host names may lead to domain hijacking CVE-2021-3672 For more details about the security issues, including the impact, a CVSS score,...
c-ares security update
An update is available for c-ares. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The c-ares C library defines asynchronous DNS Domain Name System requests and...
Moderate: c-ares security update
The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Missing input validation of host names may lead to domain hijacking CVE-2021-3672 For more details about the security issues, including the impact, a CVSS score,...
CentOS 8 : c-ares (CESA-2022:2043)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:2043 advisory. - c-ares: Missing input validation of host names may lead to domain hijacking CVE-2021-3672 Note that Nessus has not tested for this issue but has instead relie...