Lucene search
K

48 matches found

OSV
OSV
added 2023/05/25 10:15 p.m.10 views

AZL-43693 CVE-2023-31130 affecting package python-pycares 3.1.1-3

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

6.4CVSS6.7AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2023/05/25 10:15 p.m.12 views

AZL-43702 CVE-2023-31147 affecting package python-pycares 3.1.1-3

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

6.5CVSS6.7AI score0.00905EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/04/14 12:0 a.m.23 views

FreeBSD : py39-pycares -- domain hijacking vulnerability (43e9ffd4-d6e0-11ed-956f-7054d21a9e2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 43e9ffd4-d6e0-11ed-956f-7054d21a9e2a advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References3
OSV
OSV
added 2023/03/06 11:15 p.m.9 views

AZL-43921 CVE-2022-4904 affecting package python-pycares 3.1.1-3

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

8.6CVSS7.1AI score0.01232EPSS
Exploits1References1
OSV
OSV
added 2022/07/05 10:8 p.m.34 views

GHSA-C58J-88F5-H53F Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares

Impact pycares versions 4.2.0 are affected by CVE-2021-3672. Patches Update to version 4.2.0...

5.6CVSS6.4AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/07/05 10:8 p.m.3 views

01os (=0.0.14), ai-sec (>=0.0.1 <=0.0.9) +212 more potentially affected by unknown CVE via pycares (>=1.0.0 <=4.1.2)

pycares PYPI version =1.0.0, =0.0.1, =0.7.1, =0.1.0, =0.1.3, =0.1.1, =0.1.0, =2.0.4, =0.1.0, =0.0.1a1, =0.1.3, =22.5.13, =26.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C58J-88F5-H53F...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/07/05 10:8 p.m.38 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares

Impact pycares versions 4.2.0 are affected by CVE-2021-3672. Patches Update to version 4.2.0...

6.8CVSS3.1AI score0.02617EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2021/10/02 12:0 a.m.19 views

Fedora: Security Advisory for python-pycares (FEDORA-2021-a48cf28c13)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.2AI score0.02617EPSS
Exploits1References2
Rows per page
Query Builder