1681 matches found

RedHat Linux
added yesterday | 5 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: gzip: gzip-1.14-2.2.hum1 (aarch64, x86_64), gzip-1.14-2.2.hum1.src (src). Security Fixes: gzip: CVE-2026-41911, CVE-2026-41991...

6.5 CVSS | 5.8 AI score | 0.00326 EPSS
Exploits 0 | References 4
Tenable Nessus
added yesterday | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-41992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different...

7.5 CVSS | 6.1 AI score | 0.00146 EPSS
Exploits 0 | References 2
Tenable Nessus
added yesterday | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-41991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user's PATH,...

4.7 CVSS | 6 AI score | 0.00117 EPSS
Exploits 0 | References 2
NVD
added 2 days ago | 5 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...

4.7 CVSS | 0.00117 EPSS
Exploits 0 | References 3
NVD
added 2 days ago | 6 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5 CVSS | 0.00146 EPSS
Exploits 0 | References 3
Cvelist
added 2 days ago | 31 views

CVE-2026-41992 Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9 CVSS | 0.00146 EPSS
Exploits 0 | References 3
Debian CVE
added 2 days ago | 4 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9 CVSS | 6 AI score | 0.00146 EPSS
Exploits 0
EUVD
added 2 days ago | 6 views

EUVD-2026-40069

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9 CVSS | 6 AI score | 0.00146 EPSS
Exploits 0 | References 3
CVE
added 2 days ago | 9 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5 CVSS | 6 AI score | 0.00146 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2 days ago | 33 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...

2 CVSS | 0.00117 EPSS
Exploits 0 | References 3
AlpineLinux
added 2 days ago | 2 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...

4.7 CVSS | 5.9 AI score | 0.00117 EPSS
Exploits 0 | References 3
Debian CVE
added 2 days ago | 3 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...

2 CVSS | 5.9 AI score | 0.00117 EPSS
Exploits 0
EUVD
added 2 days ago | 6 views

EUVD-2026-40068

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...

2 CVSS | 5.9 AI score | 0.00117 EPSS
Exploits 0 | References 3
CVE
added 2 days ago | 10 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...

4.7 CVSS | 5.9 AI score | 0.00117 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 5 days ago | 2 views

GHSA-J9CW-HWQF-85W7 Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's `in_http` and `in_forward` plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads (e.g., via `body_size_limit` or `chunk_size_limit`), it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 3
IBM Security Bulletins
added 2026/06/24 6:12 a.m. | 5 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and ifix. Vulnerability Details: CVEID: CVE-2026-1605. DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP...

7.5 CVSS | 5.9 AI score | 0.00625 EPSS
Exploits 0 | Affected Software 1
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions prior to 7.4.31, 8.0.24, and 8.1.11, the phar uncompressor code would recursively uncompress “quines” gzip files, resulting in an infinite loop...

5.5 CVSS | 7 AI score | 0.00565 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in gzip, xz-utils

An arbitrary file write vulnerability was discovered in GNU gzip’s zgrep utility. When zgrep is applied to a file name chosen by the attacker (e.g., a crafted file name), it can overwrite the content of the target file with an arbitrary file selected by the attacker. This flaw arises due to...

8.8 CVSS | 6.9 AI score | 0.04062 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in zlib, libz-mingw-w64

Zlib versions up to 1.2.12 have a heap-based buffer over-read or buffer overflow issue in the inflate function within inflate.c, due to a large gzip header extra field. NOTE: Only applications that call inflateGetHeader are affected. Some common applications bundle the affected Zlib source code,...

9.8 CVSS | 6.9 AI score | 0.1593 EPSS
Exploits 1 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...

7.2 CVSS | 6.7 AI score | 0.00432 EPSS
Exploits 0 | References 2