2962 matches found
CVE-2002-2212
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed response...
Moderate: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2025:8047 Moderate: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service (CVE-2024-8508). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1212)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.1 : dhcp (EulerOS-SA-2025-1560)
According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer fr...
Malicious code in f0-flow-resolver (npm)
Source: ghsa-malware (c42aceb0889ce5fb0fad4c698354a5a1df80d9432c36717c49a273f233cc9cf2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3788 Malicious code in f0-flow-resolver (npm)
Source: ghsa-malware (c42aceb0889ce5fb0fad4c698354a5a1df80d9432c36717c49a273f233cc9cf2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Medium: nodejs20
Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...
Malicious code in resolver-options (npm)
Source: ghsa-malware (68b3b87faef2aa88da0714f9641eef9b258d050775eb10ec9fac90abbae5d8b6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
API Platform Core does not call GraphQl securityAfterResolver
Summary: A security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in this clause: https://github.com/api-platform/core/pull/6444/files#diff-09e3c2cfe12a2ce65bd6c983c7ca6bfcf783f852b8d0554bb938e8ebf5e5fa65R56...
CVE-2025-23204 GraphQl securityAfterResolver not called
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to security, the impact is there only when...
CVE-2025-23204
The CVE affects api-platform/core. Starting in version 3.3.8, a logic flaw in the GraphQL security flow is caused by an omitted break in the AccessCheckerProvider switch that is supposed to run after GraphQL resolvers; this fallback can bypass security checks if there is only a post-resolver secu...
RLSA-2025:1681 Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...
RLSA-2024:11232 Moderate: unbound:1.16.2 security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service (CVE-2024-8508). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
RLSA-2024:9423 Moderate: python-dns security update
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fixes: dnspython: denial of service in stub resolver (CVE-2023-29483). For more details about th...
@aosweb/osui (>=0.0.23 <=0.0.25), @baosight/er (>=0.1.87 <=0.3.2) +44 more potentially affected by CVE-2025-27597 via @intlify/message-resolver (>=9.1.0 <=9.1.10)
@intlify/message-resolver NPM version =9.1.0, =0.0.23, =0.1.87, =9.14.2, =9.14.2, =0.3.1, =0.5.0, =1.9.7, =9.1.0, =9.1.0, =9.1.0, =9.1.0, =9.1.0, =3.0.0-alpha, =1.8.9, =2.14.0-alpha.3 and more Source cves: CVE-2025-27597 Source advisory: OSV:GHSA-P2PH-7G93-HW3M...
GHSA-P2PH-7G93-HW3M Vue I18n Allows Prototype Pollution in `handleFlatJson`
Vulnerability type: Prototype Pollution. Vulnerability Locations: v9.1: node_modules/@intlify/message-resolver/index.js; v9.2 or later: node_modules/@intlify/vue-i18n-core/index.js. Description: The latest version of @intlify/message-resolver 9.1 and @intlify/vue-i18n-core 9.2 or later, previous...
PT-2025-10096
Name of the Vulnerable Software and Affected Versions: @intlify/message-resolver version 9.1; @intlify/vue-i18n-core versions 9.2 and later. Description: The vulnerability is a Prototype Pollution issue through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype...
Linux Distros Unpatched Vulnerability : CVE-2022-40188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an...
Linux Distros Unpatched Vulnerability : CVE-2023-26249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically...