Lucene search
K

81 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 1:28 p.m.10 views

Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares

Summary C-Ares is used in IBM DataPower Gateway's DNS resolver Vulnerability Details CVEID:CVE-2025-31498 DESCRIPTION: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS...

8.3CVSS6.5AI score0.00577EPSS
Exploits0Affected Software1
Rosalinux
Rosalinux
added 2025/12/02 1:21 p.m.8 views

Advisory ROSA-SA-2025-3106

Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the aresparsesoareply function of the C-ares asynchronous DNS query library is related to an operation exceeding...

6.4CVSS9AI score0.00838EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.3 views

NewStart CGSL MAIN 7.02 : c-ares Vulnerability (NS-SA-2025-0167)

The remote NewStart CGSL host, running version MAIN 7.02, has c-ares packages installed that are affected by a vulnerability: - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASE...

5.5CVSS7.2AI score0.00349EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 4: c-ares (TSSA-2024:0263)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0263 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.5CVSS7.2AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 3: c-ares (TSSA-2024:0313)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0313 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

5.5CVSS7.2AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.4 views

NewStart CGSL MAIN 7.02 : c-ares Vulnerability (NS-SA-2025-0075)

The remote NewStart CGSL host, running version MAIN 7.02, has c-ares packages installed that are affected by a vulnerability: - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASE...

5.5CVSS7.2AI score0.00349EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/05/19 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2025-1482)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.7 views

Alibaba Cloud Linux 3 : 0190: c-ares (ALINUX3-SA-2024:0190)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0190 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-25629: c-ares is a C library for...

5.5CVSS7.2AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2025/05/07 7:13 p.m.4 views

RLSA-2024:3842 Low: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

4.4CVSS7AI score0.00349EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.11 views

c-ares security update

An update is available for c-ares. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The c-ares C library defines asynchronous DNS Domain Name System requests and...

5.5CVSS6.1AI score0.00349EPSS
Exploits0
OSV
OSV
added 2025/05/07 7:11 p.m.3 views

RLSA-2024:4249 Low: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

4.4CVSS7AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.6 views

RockyLinux 8 : c-ares (RLSA-2024:4249)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4249 advisory. c-ares: Out of bounds read in aresreadline CVE-2024-25629 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. No...

5.5CVSS6.9AI score0.00349EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-25629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the...

5.5CVSS7AI score0.00349EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2025/02/26 4:8 p.m.5 views

CVE-2024-25629 affecting package ceph for versions less than 18.2.2-1

CVE-2024-25629 affecting package ceph for versions less than 18.2.2-1. A patched version of the package is available...

5.5CVSS7.2AI score0.00349EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/02/22 4:7 p.m.9 views

CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9

CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9. A patched version of the package is available...

5.5CVSS5.8AI score0.00349EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/02/22 4:7 p.m.5 views

CVE-2024-25629 affecting package c-ares for versions less than 1.19.1-2

CVE-2024-25629 affecting package c-ares for versions less than 1.19.1-2. A patched version of the package is available...

5.5CVSS5.8AI score0.00349EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.5 views

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent (CVE-2024-25629)

The version of c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25629 advisory. - c-ares is a C library for asynchronous DNS requests...

5.5CVSS7.2AI score0.00349EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/02/05 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2025-1091)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.8AI score0.00349EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 8:41 p.m.56 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to...

8.1CVSS9.1AI score0.01947EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2024/11/11 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2881)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.2AI score0.00349EPSS
Exploits0References2
Rows per page
Query Builder