Download
| Alert*
|
oval:org.secpod.oval:def:708241
c-ares: library for asynchronous name resolution Several security issues were fixed in c-ares. oval:org.secpod.oval:def:93354 Two vunerabilities were discovered in c-ares, an asynchronous name resolver library: CVE-2023-31130 ares_inet_net_pton is found to be vulnerable to a buffer underflow for certain ipv6 addresses, in particular '0::00:00:00/2' was found to cause an issue. c-ares only uses this function internally for ... oval:org.secpod.oval:def:2600275 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1601730 Denial of Service.An issue in c-ares was found where a 0-byte UDP payload can cause a Denial of Service . oval:org.secpod.oval:def:2600271 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1506741 nodejs [1:16.19.1-2] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:19500219 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. When cross-compiling c-ares ... oval:org.secpod.oval:def:1701424 Denial of Service.An issue in c-ares was found where a 0-byte UDP payload can cause a Denial of Service . oval:org.secpod.oval:def:1506621 [1.10.0-3.1] - Resolves: rhbz#2209503 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-7.9.z] oval:org.secpod.oval:def:1506600 [1:16.19.1-2] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:4501458 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: buffer overflow in config_sortlist due to missing string length check * c-ares: Buffer Under ... oval:org.secpod.oval:def:507805 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: Buffer Underwrite in ares_inet_net_pton * c-ares: Insufficient randomness in generation of D ... oval:org.secpod.oval:def:2501127 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2501128 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:507803 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: Buffer Underwrite in ares_inet_net_pton * c-ares: Insufficient randomness in generation of D ... oval:org.secpod.oval:def:1506607 nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:1506601 [1.17.1-5.1] - Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z] oval:org.secpod.oval:def:89049023 This update for c-ares fixes the following issues: Update to version 1.19.1: * CVE-2023-32067: 0-byte UDP payload causes Denial of Service * CVE-2023-31147: Insufficient randomness in generation of DNS query IDs * CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton * CVE-2023-31124: AutoTools ... oval:org.secpod.oval:def:125763 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:5800179 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:507790 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:2600265 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:91506 c-ares: library for asynchronous name resolution Several security issues were fixed in c-ares. oval:org.secpod.oval:def:4501476 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: Buffer Underwrite in ares_inet_net_pton * c-ares: Insufficient randomness in generation of D ... oval:org.secpod.oval:def:4501432 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:507791 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:5800173 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: Buffer Underwrite in ares_inet_net_pton * c-ares: Insufficient randomness in generation of D ... oval:org.secpod.oval:def:2108157 Oracle Solaris 11 - ( CVE-2023-31147 ) oval:org.secpod.oval:def:507835 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: Buffer Underwrite in ares_inet_net_pton * c-ares: Insufficient randomness in generation of D ... oval:org.secpod.oval:def:19500407 Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled wi ... oval:org.secpod.oval:def:206029 Security Fix: c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:507834 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: buffer overflow in config_sortlist due to missing string length check * c-ares: Buffer Under ... oval:org.secpod.oval:def:2501112 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:89048946 This update for libcares2 fixes the following issues: * CVE-2023-32067: Fixed a denial of service that could be triggered by a 0-byte UDP payload . * CVE-2023-31147: Fixed an insufficient randomness in generation of DNS query IDs . * CVE-2023-31130: Fixed a buffer underflow when configuring specific ... oval:org.secpod.oval:def:125734 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:1506611 [1.13.0-6.1] - Resolves: rhbz#2209516 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.8.0.z] oval:org.secpod.oval:def:1506732 nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:507817 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:1701691 Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled wi ... oval:org.secpod.oval:def:610639 Two vunerabilities were discovered in c-ares, an asynchronous name resolver library: CVE-2023-31130 ares_inet_net_pton is found to be vulnerable to a buffer underflow for certain ipv6 addresses, in particular '0::00:00:00/2' was found to cause an issue. c-ares only uses this function internally for ... oval:org.secpod.oval:def:1507532 nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 - Fixes: CVE-2023-46809 [1:18.19.0-1] - Rebase to version 18.19.0 Resolves: RHEL-21 ... oval:org.secpod.oval:def:89049104 This update for nodejs16 fixes the following issues: Update to version 16.20.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism . * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process . * CVE-20 ... |
