3661 matches found
PT-2026-20440
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw in the crypto/iaa module related to an out-of-bounds index in the find_empty_iaa_compression_mode function. A local variable, i, is initialized...
PT-2025-49304
Name of the Vulnerable Software and Affected Versions: yawkat LZ4 Java versions 1.10.0 and earlier Description: yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations allows remote attackers to read previous buffer...
PT-2026-4945
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.3 through 3.6 Description: A TLS 1.3 connection utilizing certificate compression can be manipulated to allocate a substantial buffer prior to decompression, bypassing the configured certificate size limit. This can lead to...
PT-2025-34389
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a use-after-free (UAF) vulnerability within the f2fs file system compression functionality, specifically in the f2fs_free_dic function. The issue occurs when th...
Altair resource management error vulnerability
Altair is a beautiful and feature-rich GraphQL client IDE from the open-source Altair GraphQL project. A resource management error vulnerability exists in versions prior to Altair v12.24Q3.2, which stems from a lack of request validation and a lack of authentication in the image proxy, and the...
unbound: Unbounded name compression could lead to Denial of Service
A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that...
SUSE-SU-2024:4333-1 Security update for libaom, libyuv
This update for libaom, libyuv fixes the following issues: libaom was updated to version 3.7.1: Bug Fixes: - aomedia:3349: heap overflow when increasing resolution - aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning on aom/av1/encoder/motion_search_facade.c - aomedia:3489: Detect encoder...
CVE-2024-54266
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression allows Reflected XSS. This issue affects ImageRecycle pdf & image compression: from n/a through 3.1.16...
CVE-2024-54266
CVE-2024-54266 affects the ImageRecycle pdf & image compression WordPress plugin. The issue is a Reflected XSS via improper input neutralization during web page generation, impacting versions from custom/n/a up to 3.1.16. The vulnerability is confirmed in connected sources (Wordfence WordPress v...
PT-2024-36146 · Unknown · Imagerecycle Pdf & Image Compression
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression versions prior to 3.1.17 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This problem affects the...
WordPress plugin ImageRecycle pdf & image compression cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin ImageRecycle pdf & image...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-2943)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2959)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to...
gRPC: hpack table accounting errors can lead to denial of service
A flaw was found in the gRPC library. This vulnerability allows hpack table accounting errors that could lead to unwanted disconnects between clients and servers in exceptional cases. This issue leads to unbounded memory buffering in the HPACK parser and unbounded CPU consumption in the HPACK parser...
GHSA-4H8F-C635-25P7 ibexa/post-install affected by Breach with Varnish VCL
Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...
ibexa/post-install affected by Breach with Varnish VCL
Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...
GHSA-FH7V-Q458-7VMW ibexa/http-cache affected by Breach with Varnish VCL
Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...
ibexa/http-cache affected by Breach with Varnish VCL
Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...
GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...