Lucene search
K

59 matches found

Rosalinux
Rosalinux
added 2026/02/16 12:24 p.m.11 views

Advisory ROSA-SA-2026-3195

Software: lz4 1.8.3 OS: ROSA Virtualization 2.1 unaffected versions = lz4-1.8.3-5.rv3 affected versions lz4-1.8.3-5.rv3 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer boundaries...

9.8CVSS7.3AI score0.09116EPSS
Exploits0
Rosalinux
Rosalinux
added 2026/02/16 7:27 a.m.8 views

Advisory ROSA-SA-2026-3155

Software: lz4 1.8.3 OS: ROSA Virtualization 3.1 unaffected versions = lz4-1.8.3-5.rv31 affected versions lz4-1.8.3-5.rv31 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer...

9.8CVSS7.2AI score0.09116EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.5 views

TencentOS Server 3: lz4 (TSSA-2022:0211)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0211 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

9.8CVSS7.2AI score0.03216EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.69 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update

Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.4AI score0.99931EPSS
Exploits46References25
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.19 views

RHEL 7 : lz4 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lz4: memory corruption due to an integer overflow bug caused by memmove argument CVE-2021-3520 - LZ4 befo...

10AI score0.09116EPSS
Exploits0References2
OSV
OSV
added 2023/08/31 12:14 p.m.3 views

BELL-CVE-2021-3520 CVE-2021-3520 does not affect BellSoft software

Bulletin has no description...

9.8CVSS5.8AI score0.03216EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/01/31 12:0 a.m.14 views

Huawei EulerOS: Security Advisory for lz4 (EulerOS-SA-2023-1273)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.03216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.26 views

EulerOS Virtualization 3.0.2.2 : lz4 (EulerOS-SA-2023-1273)

According to the versions of the lz4 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer...

9.8CVSS7.2AI score0.03216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/04 12:0 a.m.21 views

Amazon Linux 2022 : lz4, lz4-devel, lz4-libs (ALAS2022-2022-169)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-169 advisory. There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument,...

9.8CVSS7.2AI score0.03216EPSS
Exploits0References3
OSV
OSV
added 2022/09/01 10:24 p.m.31 views

GHSA-9Q5J-JM53-V7VR lz4-sys vulnerable to memory corruption via issue in liblz4

lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...

9.8CVSS8.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/09/01 10:24 p.m.39 views

lz4-sys vulnerable to memory corruption via issue in liblz4

lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...

9.8CVSS6.4AI score0.03216EPSS
Exploits0References3Affected Software1
RustSec
RustSec
added 2022/08/25 12:0 p.m.38 views

Memory corruption in liblz4

lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...

9.8CVSS5.9AI score0.03216EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/10 12:0 a.m.36 views

NewStart CGSL MAIN 6.02 : lz4 Vulnerability (NS-SA-2022-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has lz4 packages installed that are affected by a vulnerability: - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on...

9.8CVSS7.3AI score0.03216EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/04/13 11:26 a.m.137 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.1.0 release and security update

Red Hat AMQ Streams 2.1.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.8AI score0.03216EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/02/13 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for lz4 (EulerOS-SA-2022-1083)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.03216EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/02/13 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for lz4 (EulerOS-SA-2022-1132)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.03216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/13 12:0 a.m.21 views

EulerOS Virtualization 3.0.6.0 : lz4 (EulerOS-SA-2022-1083)

According to the versions of the lz4 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer...

9.8CVSS7.2AI score0.03216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/12 12:0 a.m.23 views

EulerOS Virtualization 3.0.6.6 : lz4 (EulerOS-SA-2022-1132)

According to the versions of the lz4 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer...

9.8CVSS7.2AI score0.03216EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2021-0229)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.9AI score0.03216EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 12:24 a.m.75 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Summary Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access product. Vulnerability Details CVEID: CVE-2021-3520 DESCRIPTION: lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted fil...

9.8CVSS9.9AI score0.62906EPSS
Exploits13Affected Software1
Rows per page
Query Builder