Lucene search
+L

1752 matches found

EUVD
EUVD
added 2026/06/29 10:15 a.m.8 views

EUVD-2026-40068

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS5.9AI score0.00105EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/29 10:15 a.m.7 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/29 10:15 a.m.5 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS5.9AI score0.00105EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 10:15 a.m.36 views

CVE-2026-41991

CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.4 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53256

Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description An issue exists in the LZH decompression logic where shared global state is improperly reused between different decompression formats during a single execution. The software maintains a glob...

7.5CVSS6AI score0.00294EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53255

Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description The gzexe utility handles temporary files insecurely. If the mktemp utility is missing from the user's PATH, gzexe generates a temporary file path using only the process ID PID. Because this...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References18
OSV
OSV
added 2026/06/26 4:35 p.m.3 views

GHSA-J9CW-HWQF-85W7 Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5CVSS5.8AI score0.0062EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/26 12:59 a.m.5 views

[SECURITY] Fedora 44 Update: perl-IO-Compress-2.221-1.fc44

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS5.7AI score0.00373EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.65 views

PT-2026-53004

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is...

7.5CVSS7.1AI score0.0062EPSS
Exploits0References15
RubySec
RubySec
added 2026/06/26 12:0 a.m.4 views

Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5CVSS5.8AI score0.0062EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52645

Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...

7.5CVSS5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/24 1:13 p.m.12 views

OESA-2026-2728 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear...

7.7CVSS5.8AI score0.00691EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 1:13 p.m.7 views

OESA-2026-2727 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear...

7.7CVSS5.8AI score0.00691EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:12 a.m.6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and ifix. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP...

7.5CVSS5.9AI score0.00625EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/19 10:16 a.m.18 views

CVE-2026-56138

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:3 a.m.34 views

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS0.00341EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 8:3 a.m.62 views

CVE-2026-56138

CVE-2026-56138 affects the AIL framework. A path traversal vulnerability exists in the /objects/item/diff endpoint, where an authenticated user can supply item identifiers via the s1 and s2 query parameters. Before the fix, the service could read gzip-compressed files accessible to the AIL proces...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 8:3 a.m.4 views

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.9AI score0.00341EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/19 1:10 a.m.12 views

[SECURITY] Fedora 43 Update: perl-Archive-Tar-3.04-522.fc43

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...

9.1CVSS5.3AI score0.0043EPSS
Exploits0
Rows per page
Query Builder