213 matches found
EUVD-2010-4631
Malware in sbrugna...
EUVD-2025-6729
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-22127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix potential deadloop in prepare_compress_overwrite Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...
CVE-2025-5087
CVE-2025-5087 affects Kaleris NAVIS N4 ULC (Ultra Light Client). The connected documents describe an unsafe Java deserialization vulnerability and insecure transmission of zlib-compressed data over HTTP, enabling an attacker who can observe traffic between Ultra Light Clients and N4 servers to ex...
PT-2025-26770 · Aleris +1 · Kaleris Navis N4 Ulc +1
Name of the Vulnerable Software and Affected Versions: Kaleris NAVIS N4 ULC (Ultra Light Client) (affected versions not specified) Description: The issue concerns insecure communication using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via a specially crafted wxapkg file. An attacker can cause resource consumption by sending specially crafted zip files that exploit the decompression process and convincing ...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview mobsf is a Mobile Security Framework (MobSF), an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Improper...
Denial Of Service (DoS)
H2O-3 is vulnerable to Denial Of Service (DoS). The vulnerability stems from improper handling of highly compressed data: repeatedly parsing a large GZIP file leads to memory exhaustion and a large number of slow-running jobs, making the server unresponsive...
GO-2025-3533 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to the improper handling of highly compressed data. An attacker can cause the server to become unresponsive and exhaust system memory by uploading and repeatedly parsing...
CVE-2024-7765 Denial of Service in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation There is no fixed version for io.seata:seata-compressor-zstd...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation Upgrade org.apache.seata:seata-compressor-zstd to version...
Apache Seata Security Vulnerability
Apache Seata is an open source project from the Apache Foundation that provides high-performance and easy-to-use distributed transaction services in a microservices architecture. A security vulnerability exists in Apache Seata version 2.2.0 and earlier, which stems from improper handling of highl...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) through the ZipFileBodyDecoder. An attacker can trigger an out-of-memory condition, leading to server crashes or degraded performance by uploading a specially crafted ZIP fi...
CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to consume all available system memory. The root...
PT-2025-49261
Name of the Vulnerable Software and Affected Versions: urllib3 versions 1.0 through 2.5.16 Description: urllib3 is a Python HTTP client library. Versions prior to 2.6.0 have an issue in the Streaming API where it improperly handles highly compressed data. The decompression logic can cause excessive...
CVE-2024-47736
In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking...
UBUNTU-CVE-2024-47736
In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking...