Lucene search
K

785 matches found

CloudLinux
CloudLinux
added 2026/05/08 11:43 a.m.13 views

bzip2: Fix of CVE-2019-12900

CVE-2019-12900: fix out-of-bounds write in BZ2decompress many selectors...

9.8CVSS6.8AI score0.08042EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/06 2:59 p.m.96 views

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 8:29 a.m.10 views

CLSA-2026-1777969769 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: fix out-of-bounds write in BZ2decompress many selectors...

9.8CVSS6.8AI score0.08042EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 12:13 a.m.18 views

CLSA-2026-1777940008 python3: Fix of CVE-2026-6100

CVE-2026-6100: clear dangling nextin pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...

9.1CVSS6AI score0.00579EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 5:21 p.m.11 views

CLSA-2026-1777569671 python3: Fix of CVE-2026-6100

CVE-2026-6100: clear dangling nextin pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...

9.1CVSS6AI score0.00579EPSS
Exploits0References1
OSV
OSV
added 2026/04/25 8:42 a.m.8 views

CLSA-2026-1776956583 bzip2: Fix of 2 CVEs

CVE-2019-12900: fix out-of-bounds write in BZ2decompress when many selectors are present - CVE-2016-3189: fix use-after-free in bzip2recover...

9.8CVSS6.8AI score0.15685EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 5:36 p.m.8 views

CLSA-2026-1776965760 bzip2: Fix of 2 CVEs

CVE-2019-12900: fix out-of-bounds write in BZ2decompress when many selectors are present - CVE-2016-3189: fix use-after-free in bzip2recover...

9.8CVSS6.8AI score0.15685EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 4:25 p.m.9 views

CLSA-2026-1776961553 bzip2: Fix of 2 CVEs

CVE-2019-12900: fix out-of-bounds write in BZ2decompress when many selectors are present - CVE-2016-3189: fix use-after-free in bzip2recover...

9.8CVSS6.8AI score0.15685EPSS
Exploits0References1
NVD
NVD
added 2026/04/13 6:16 p.m.6 views

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS0.00579EPSS
Exploits0References53
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.12 views

PT-2026-32487

Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description A use-after-free UAF issue exists in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This occurs when a memory allocation fails with a MemoryError and the decompression instanc...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References207
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.2 views

NewStart CGSL MAIN 6.06 (SP) : bzip2 Vulnerability (NS-SA-2026-0013)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has bzip2 packages installed that are affected by a vulnerability: - Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends...

6.5CVSS7.4AI score0.15685EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:32 p.m.9 views

OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)

Summary The tar.bz2 installer path in src/agents/skills-install-download.ts used shell tar preflight/extract logic that did not share the same hardening guarantees as the centralized archive extractor. This allowed crafted .tar.bz2 archives to bypass special-entry blocking and extracted-size...

6AI score
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 12:44 a.m.34 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...

9.8CVSS7.8AI score0.8496EPSS
Exploits2Affected Software4
OSV
OSV
added 2026/03/02 6:48 p.m.3 views

GHSA-54P8-X2M9-C593 malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability

Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources. This report is an aggregate of these individual reports for the affected code: Advisory | Affected File -- | -- GHSA-jjgh-mc5q-gch7 | pkg/action/scan.go GHSA-mwmf-fxh2-w4x7 |...

5.3CVSS6AI score
Exploits0References6
OSV
OSV
added 2026/02/26 1:17 p.m.3 views

SUSE-SU-2026:20592-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

7.5CVSS7.2AI score0.00635EPSS
Exploits2References6
OSV
OSV
added 2026/02/26 11:53 a.m.3 views

OPENSUSE-SU-2026:20273-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

7.5CVSS6AI score0.00635EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : bzip2-1.0.8-10.el9_5 (AXSA:2025-9645:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9645:02 advisory. bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. CVE-2019-12900 Tenable has extracted the preceding description block...

9.8CVSS7.5AI score0.08042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : bzip2-1.0.6-27.el8_10 (AXSA:2024-8983:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8983:01 advisory. bzip2: out-of-bounds write in function BZ2decompress CVE-2019-12900 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.8CVSS5.6AI score0.08042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.4 views

MiracleLinux 3 : bzip2-1.0.3-6.AXS3 (AXSA:2010-453:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-453:01 advisory. bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better th...

5.1CVSS5.6AI score0.03297EPSS
Exploits0References2
Rows per page
Query Builder