89 matches found
Advisory ROSA-SA-2025-3106
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the aresparsesoareply function of the C-ares asynchronous DNS query library is related to an operation exceeding...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cooki...
Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a...
CVE-2023-31130 affecting package grpc for versions less than 1.42.0-11
CVE-2023-31130 affecting package grpc for versions less than 1.42.0-11. A patched version of the package is available...
Photon OS 5.0: Python3 PHSA-2023-5.0-0084
An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0084. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a...
CVE-2023-31130 affecting package python-gevent for versions less than 21.1.2-3
CVE-2023-31130 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is available...
CentOS 9 : nodejs-16.20.1-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.20.1-1.el9 build changelog. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json...
K000138586: Node.js c-areas vulnerability CVE-2023-31130
Security Advisory Description c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would...
EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2023-2977)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2676)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular...
EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-2749)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in...
EulerOS Virtualization 2.10.0 : c-ares (EulerOS-SA-2023-2932)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-2718)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in...
EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2023-2780)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...
EulerOS Virtualization 2.10.1 : c-ares (EulerOS-SA-2023-2913)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
EulerOS 2.0 SP8 : c-ares (EulerOS-SA-2023-3115)
According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, a...
EulerOS Virtualization 3.0.6.0 : c-ares (EulerOS-SA-2023-3421)
According to the versions of the c-ares packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE wil...
Amazon Linux 2 : c-ares (ALAS-2024-2399)
The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2399 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Serve...
Rocky Linux 8 : c-ares (RLSA-2023:7207)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7207 advisory. - Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c. CVE-2020-22217 - c-ares is an...