Download
| Alert*
oval:org.secpod.oval:def:508131
The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: c-ares: buffer overflow in config_sortlist due to missing string length check For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related info ... oval:org.secpod.oval:def:125141 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:707991 c-ares: library for asynchronous name resolution c-ares could be made to crash or run programs if it processed specially crafted input. oval:org.secpod.oval:def:2600411 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:19500219 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. When cross-compiling c-ares ... oval:org.secpod.oval:def:2501222 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:4501458 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: buffer overflow in config_sortlist due to missing string length check * c-ares: Buffer Under ... oval:org.secpod.oval:def:2108019 Oracle Solaris 11 - ( CVE-2022-4904 ) oval:org.secpod.oval:def:125031 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:89482 c-ares: library for asynchronous name resolution c-ares could be made to crash or run programs if it processed specially crafted input. oval:org.secpod.oval:def:1601746 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity oval:org.secpod.oval:def:508102 The c-ares C library defines asynchronous DNS requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares . Security Fix: c-ares: buffer overflow in config_sortlist due to missing string length check c-ares: Buffer Underwrite in ares_ine ... oval:org.secpod.oval:def:507834 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * c-ares: 0-byte UDP payload Denial of Service * c-ares: buffer overflow in config_sortlist due to missing string length check * c-ares: Buffer Under ... oval:org.secpod.oval:def:1506732 nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 oval:org.secpod.oval:def:89049316 This update for libcares2 fixes the following issues: * CVE-2022-4904: Fixed stack overflow in ares_set_sortlist . oval:org.secpod.oval:def:89048521 This update for c-ares fixes the following issues: Updated to version 1.19.0: * CVE-2022-4904: Fixed missing string length check in config_sortlist . oval:org.secpod.oval:def:1702028 A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availabil ... oval:org.secpod.oval:def:5800169 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * c-ares: buffer overflow in config_sortlist due to mi ... oval:org.secpod.oval:def:19500302 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. It is possible to bypass Per ... oval:org.secpod.oval:def:1506500 nodejs [1:16.19.1-1] - Rebase to 16.19.1 Resolves: rhbz#2153713 Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon [2.0.20-3] - Patch bundled glob-parent Resolves: CVE-2021-35065 oval:org.secpod.oval:def:1506501 nodejs [1:18.14.2-2] - Provide simduft [1:18.14.2-1] - Rebase to 18.14.2 - Resolves: #2178087 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 oval:org.secpod.oval:def:507606 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * decode-uri-component: improper input validation resulting in DoS * g ... oval:org.secpod.oval:def:1506562 nodejs [1:16.19.1-1] - Rebase to 16.19.1 - Resolves: rhbz#2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon [2.0.20-3] - Patch bundled glob-parent - Resolves: CVE-2021-35065 oval:org.secpod.oval:def:2501041 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2600246 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:508149 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: glob-parent: Regular Expression Denial of Service c-ares: buffer overf ... oval:org.secpod.oval:def:507696 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * glob-parent: Regular Expression Denial of Service * c-ares: buffer o ... oval:org.secpod.oval:def:4501408 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * decode-uri-component: improper input validation resulting in DoS * g ... oval:org.secpod.oval:def:1506510 nodejs [1:14.21.3-1] - Rebase to 14.21.3 Resolves: rhbz#2153712 Resolves: CVE-2022-25881 CVE-2023-23918 CVE-2023-23920 CVE-2022-38900 Resolves: CVE-2022-4904 oval:org.secpod.oval:def:2501036 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1506571 nodejs [1:18.14.2-2] - Provide simduft - Resolves: #2159389 [1:18.14.2-1] - Rebase to 18.14.2 - Resolves: #2159389 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon [2.0.20-2] - Patch bundled glob-paren ... oval:org.secpod.oval:def:4501404 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * glob-parent: Regular Expression Denial of Service * c-ares: buffer o ... oval:org.secpod.oval:def:507702 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * c-ares: buffer overflow in config_sortlist due to mi ... oval:org.secpod.oval:def:2501128 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2600233 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1507532 nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 - Fixes: CVE-2023-46809 [1:18.19.0-1] - Rebase to version 18.19.0 Resolves: RHEL-21 ... |