@0xflick/jest-dynamodb (=4.0.1-pre.2), @42technologies/secretstore-aws (>=1.0.1 <=1.0.2) +1493 more potentially affected by unknown CVE via @smithy/config-resolver (>=1.1.0 <=3.0.13)

@smithy/config-resolver NPM version =1.1.0, =1.0.1, =1.0.0, =1.0.1, =0.3.2, =0.3.2, =0.0.1, =0.10.2, =0.1.0, =0.5.0, =2.1.25, =2.3.0, =9.1.6, =2.2.2, =3.1.21 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6475-R3VJ-M8VF...

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

USN-7047-1: libvirt vulnerabilities

It was discovered that libvirt parsed user-provided XML files before performing ACL checks. An attacker could possibly use this issue to cause libvirt to consume memory, resulting in a denial of service. CVE-2025-12748 It was discovered that libvirt incorrectly handled permissions on external...

PT-2026-3409

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy...

PT-2026-27772

Name of the Vulnerable Software and Affected Versions BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.20.9-S1 through 9.20.20-S1 Description A specially crafted domain can be used to cause a memory leak in a BIND resolver by querying this domain. The issu...

PT-2026-27770

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.46 BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.46-S1 BIND...

bind: Cache poisoning attacks with unsolicited RRs

A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records RRs in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache...

FreeBSD Security Advisory - FreeBSD-SA-25:12.rtsold

FreeBSD Security Advisory - The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that...

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48631

CVE-2025-48631 affects Google Android (LocalImageResolver.java: onHeaderDecoded). The issue is a DoS caused by resource exhaustion, enabling remote denial of service with network access and no user interaction. Connected advisories confirm updates in Android and Samsung devices as fixes; patch le...

[SECURITY] [DSA 6071-1] unbound security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6071-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 04, 2025 https://www.debian.org/security/faq -...