Download
| Alert*
oval:org.secpod.oval:def:75906
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Use-after-free on close http2 on stream canceling * nodejs: Use-after-free on close http2 on stream canceling * c-ares: Missing input valid ... oval:org.secpod.oval:def:506351 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Use-after-free on close http2 on stream canceling * nodejs: Use-after-free on close http2 on stream canceling * c-ares: Missing input valid ... oval:org.secpod.oval:def:120629 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:120628 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:89045517 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers - If ares_getaddrinfo was terminated by an ares_destroy, it would cause crash - Crash in sortaddrinfo if the list s ... oval:org.secpod.oval:def:74577 Philipp Jeitner and Haya Shulman discovered a flaw in libc-ares2, a library that performs DNS requests and name resolution asynchronously. Missing input validation of hostnames returned by DNS servers can lead to output of wrong hostnames . oval:org.secpod.oval:def:506911 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: Missing input validation of host names may lead to domain hijacking For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related info ... oval:org.secpod.oval:def:120652 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:74560 c-ares: library for asynchronous name resolution c-ares could be made to return wrong domains. oval:org.secpod.oval:def:1505652 [1.13.0-6] - Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8] oval:org.secpod.oval:def:89045522 This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames . oval:org.secpod.oval:def:2500710 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:2500478 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1601486 A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availabil ... oval:org.secpod.oval:def:706099 c-ares: library for asynchronous name resolution c-ares could be made to return wrong domains. oval:org.secpod.oval:def:89045507 This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames . oval:org.secpod.oval:def:506323 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs . Security Fix: * nodejs: Use-after-free on close http2 on stream canceling ... oval:org.secpod.oval:def:506322 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * nodejs: Use-after-free on close http2 on stream canceling ... oval:org.secpod.oval:def:2106696 Oracle Solaris 11 - ( CVE-2021-3672 ) oval:org.secpod.oval:def:4500974 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: Missing input validation of host names may lead to domain hijacking For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related info ... oval:org.secpod.oval:def:605598 Philipp Jeitner and Haya Shulman discovered a flaw in c-ares, a library that performs DNS requests and name resolution asynchronously. Missing input validation of hostnames returned by DNS servers can lead to output of wrong hostnames . oval:org.secpod.oval:def:89047312 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers - If ares_getaddrinfo was terminated by an ares_destroy, it would cause crash - Crash in sortaddrinfo if the list s ... oval:org.secpod.oval:def:2500264 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1505133 nodejs [1:14.17.5-1] - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ#1847529 - Resolves: RHBZ#1988599, RHBZ#1994000, RHBZ#1993998, RHBZ#1993095 - Resolves: RHBZ#1994028, RHBZ#1994402, RHBZ#199 ... oval:org.secpod.oval:def:1505128 nodejs [1:12.22.5-1] - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ#1951621 - Resolves: RHBZ#1988595, RHBZ#1993992, RHBZ#1993989, RHBZ#1993093 - Resolves: RHBZ#1994025, RHBZ#1994403, RHBZ#199 ... oval:org.secpod.oval:def:75905 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Use-after-free on close http2 on stream canceling * nodejs: Use-after-free on close http2 on stream canceling * c-ares: Missing input valid ... oval:org.secpod.oval:def:506349 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Use-after-free on close http2 on stream canceling * nodejs: Use-after-free on close http2 on stream canceling * c-ares: Missing input valid ... oval:org.secpod.oval:def:10000626 The host is installed with Node.js 12.x before 12.22.5, 14.x before 14.17.5, or 16.x before 16.6.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application which fails to handle an input validation of host names returned by Domain Name Servers in the Node.js c-ares ... oval:org.secpod.oval:def:1702028 A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availabil ... |