1.5.3

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-25	CVE-2023-32067	c-ares is an asynchronous resolver library. network low complexity c-ares-project fedoraproject debian	7.5
2023-05-25	CVE-2023-31124	Use of Insufficiently Random Values vulnerability in multiple products c-ares is an asynchronous resolver library. network high complexity c-ares-project fedoraproject CWE-330	3.7
2023-05-25	CVE-2023-31130	Out-of-bounds Write vulnerability in multiple products c-ares is an asynchronous resolver library. local high complexity c-ares-project fedoraproject debian CWE-787	6.4
2023-05-25	CVE-2023-31147	c-ares is an asynchronous resolver library. network low complexity c-ares-project fedoraproject	6.5
2023-03-06	CVE-2022-4904	Improper Validation of Specified Quantity in Input vulnerability in multiple products A flaw was found in the c-ares package. network low complexity c-ares-project redhat fedoraproject CWE-1284	8.6
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5