Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dns library project dns library vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
3.7
CVSSv3
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an malicious user to ...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
6.4
CVSSv3
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would r...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 lengt...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2004-0957
Unknown vulnerability in MySQL 3.23.58 and previous versions, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activitie...
Oracle Mysql 3.21
Oracle Mysql 3.22
Oracle Mysql 3.23
Oracle Mysql 3.23.10
Oracle Mysql 3.23.27
Oracle Mysql 3.23.28
Oracle Mysql 3.23.34
Oracle Mysql 3.23.36
Oracle Mysql 3.23.42
Oracle Mysql 3.23.43
Oracle Mysql 3.23.5
Oracle Mysql 3.23.50
Oracle Mysql 3.23.56
Oracle Mysql 3.23.58
Oracle Mysql 4.0.11
Oracle Mysql 4.0.20
Oracle Mysql 4.0.3
Oracle Mysql 3.22.28
Oracle Mysql 3.22.29
Oracle Mysql 3.23.23
Oracle Mysql 3.23.24
Oracle Mysql 3.23.3
NA
CVE-2007-0981
Mozilla based browsers, including Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8, allow remote malicious users to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location....
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.3
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.6
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.4
Mozilla Firefox 1.5.5
Mozilla Firefox 2.0.0.1
Mozilla Firefox 2.0
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0.5
Mozilla Firefox 0.8
Mozilla Firefox 0.9
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.4
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5.2
Mozilla Firefox 1.5.3
1 EDB exploit
7.5
CVSSv3
CVE-2022-23772
Rat.SetString in math/big in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
5 Github repositories
7.5
CVSSv3
CVE-2022-23773
cmd/go in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
4 Github repositories
9.1
CVSSv3
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
3 Github repositories
3.7
CVSSv3
CVE-2015-4000
The TLS protocol 1.2 and previous versions, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle malicious users to conduct cipher-downgrade attacks by rewriting a ClientHello with D...
Openssl Openssl
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Hp Hp-ux B.11.31
Ibm Content Manager 8.5
Oracle Jrockit R28.3.6
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Oracle Jdk 1.8.0
Oracle Jre 1.7.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Suse Linux Enterprise Server 11.0
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Suse Linux Enterprise Server 12
Apple Mac Os X
Apple Iphone Os
1 Nmap script
4 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »