98 matches found
Astra Linux - vulnerability in fontforge
Splinefont in FontForge, with a version number of 20230101, allows for command injection through crafted archives or compressed files...
fontforge: command injection via crafted archives or compressed files
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files...
EUVD-2025-202310
Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/storage and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable conten...
EUVD-2007-2761
Malware in sbrugna...
EUVD-2015-9385
Malware in sbrugna...
EUVD-2006-4826
Malware in sbrugna...
EUVD-2020-18153
Malware in sbrugna...
EUVD-2022-52462
Malicious code in bioql PyPI...
EUVD-2024-32094
Malicious code in bioql PyPI...
EUVD-2024-2609
Malicious code in bioql PyPI...
EUVD-2022-52143
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-4883
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on th...
HortusFox security vulnerability
HortusFox is a free and open source self-hosted plant manager system from HortusFox, Inc. A security vulnerability exists in HortusFox version v4.4, which stems from improper handling of compressed files by the /modules/ImportModule.php component and could lead to arbitrary code execution...
CVE-2024-12387
A vulnerability in the binary-husky/gptacademic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This iss...
Gradio security vulnerability
Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in version 98cbcae of Gradio, which stems from the improper handling of compressed files by the dataframe componen...
fontforge: command injection via crafted archives or compressed files
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files...
OESA-2024-2254 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root...
openSUSE Security Advisory (SUSE-SU-2024:3110-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:3110-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3110-1 advisory. - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files ...
SUSE-SU-2024:3110-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files as symbolic links bsc1229226...