Lucene search
K

12 matches found

CNNVD
CNNVD
added 2025/01/23 12:0 a.m.11 views

glibc 安全漏洞

glibc GNU C Library is a C standard library implemented by a GNU project of the GNU community. A security vulnerability exists in glibc, which stems from a lack of entropy...

5.1AI score0.00244EPSS
Exploits0References2
Redos
Redos
added 2024/04/04 12:0 a.m.40 views

ROS-20240404-02

Vulnerability of aresinetnetpton function of C-ares asynchronous DNS query library is related to violation of the initial buffer boundary. the initial buffer boundary. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, violate its integrity, and cause a...

6.4CVSS7.2AI score0.00936EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.25 views

EulerOS Virtualization 2.10.0 : c-ares (EulerOS-SA-2023-2932)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

6.5CVSS6.4AI score0.00936EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/12/15 12:0 a.m.13 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3421)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01577EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/11/09 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3115)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01577EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.29 views

RHEL 9 : c-ares (RHSA-2023:6635)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6635 advisory. The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been...

8.6CVSS6.8AI score0.01232EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2023/10/26 6:27 p.m.96 views

CVE-2023-31582

A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure. Mitigation No mitigation is currently available for this flaw...

6.8CVSS6.6AI score0.00644EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/07/12 12:0 a.m.29 views

CentOS 8 : nodejs:16 (CESA-2023:4034)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:4034 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as see...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/14 7:33 a.m.9 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/05/31 12:0 a.m.30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : c-ares (SUSE-SU-2023:2313-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2313-1 advisory. Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service bsc12116...

7.5CVSS6.7AI score0.01577EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2023/05/25 10:15 p.m.39 views

CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6.5AI score0.00936EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2010/02/09 12:0 a.m.29 views

Microsoft SMB NTLM Authentication Lack of Entropy (MS10-012; CVE-2010-0231)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. An elevation of privilege vulnerability has been reported in the way that Microsoft Server Message Block SMB Protocol software handles authentication attempts. The vulnerability is due to a lack of...

10CVSS8.9AI score0.41262EPSS
Exploits5
Rows per page
Query Builder