2962 matches found
@dm3-org/dm3-cli (=1.3.0) potentially affected by unknown CVE via ccip-resolver (=0.2.10)
ccip-resolver NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on ccip-resolver and may be impacted: @dm3-org/dm3-cli =1.3.0. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2025-5026...
MAL-2025-5026 Malicious code in ccip-resolver (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ccip-resolver (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in gclient-eval (PyPI)
Source: kam193 5e9ffb1a50c4ad309a03eadf4dd05776ca6e5ac0e03e118c1f7c74bb2c1d5b3f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
Malicious code in win32evtlogutil (PyPI)
Source: kam193 5d62d03c43564c8087172222e65beaf334bd9f219291eb6c36a142ad88adef4f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
MAL-2025-191935 Malicious code in win32str (PyPI)
Source: kam193 afe91149c788d349c6c0d31487fb417ce5fabc059b447dc4289b1e74f2cd161c Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
MAL-2025-191808 Malicious code in package-resources (PyPI)
Source: kam193 ca5a9eea6d70ca2932b87cad82f57aa47d4ca38f9ba6c9d2f45d465b46c8358f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...
FreeRTOS-Plus-TCP Security Vulnerability
FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP that stems from a buffer overflow when processing LLMNR or mDNS queries, which could lead to out-of-bounds writes...
Moderate: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2024-36577
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
CVE-2023-28451
An issue was discovered in Technitium 11.0.2. There is a vulnerability called BadDNS in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, becaus...
CVE-2023-26249
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response...
CVE-2023-46317
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers...
CVE-2023-28452
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a...
CVE-2023-20917
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2023-21382
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Malicious code in package-meta-resolver (npm)
Source: ghsa-malware a0fb37bcca1d8bf72c0bc4ef5c43c0d728bfe21662b56cc705c46f806c8a8e46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4384 Malicious code in package-meta-resolver (npm)
Source: ghsa-malware a0fb37bcca1d8bf72c0bc4ef5c43c0d728bfe21662b56cc705c46f806c8a8e46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2012-1192
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...