27 matches found

NVD
added 2026/06/19 10:16 a.m. | 14 views

CVE-2026-56138

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

CVSS 5.3 | EPSS 0.00341
Exploits 0 | References 1

Cvelist
added 2026/06/19 8:3 a.m. | 30 views

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

CVSS 5.3 | EPSS 0.00341
Exploits 0 | References 1

CVE
added 2026/06/19 8:3 a.m. | 22 views

CVE-2026-56138

CVE-2026-56138 affects the AIL framework. A path traversal vulnerability exists in the /objects/item/diff endpoint, where an authenticated user can supply item identifiers via the s1 and s2 query parameters. Before the fix, the service could read gzip-compressed files accessible to the AIL proces...

CVSS 5.3 | AI score 5.8 | EPSS 0.00341
Exploits 0 | References 1

CVE
added 2025/11/26 12:32 a.m. | 8 views

CVE-2025-66251

CVE-2025-66251 affects DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter family (versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000). An unauthenticated attacker can exploit an issue in the deletehidden parameter to perform path traversal, resulting in deletion of arbitra...

CVSS 9.1 | AI score 6.7 | EPSS 0.00426
Exploits 1 | References 1 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-53080

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 7 | EPSS 0.00565
Exploits 0 | References 13

Microsoft CVE
added 2025/10/02 6:11 a.m. | 4 views

phar wrapper can occur dos when using quine gzip file

...

CVSS 5.5 | AI score 7 | EPSS 0.00565
Exploits 0

OSV
added 2025/03/20 10:15 a.m. | 8 views

CVE-2024-7765

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

CVSS 7.5 | AI score 7
Exploits 0 | References 1

CNNVD
added 2025/03/20 12:0 a.m. | 3 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0.2, which stems from improper handling of large GZIP files and could lead to a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.00719
Exploits 1 | References 1

OSV
added 2025/01/14 7:21 p.m. | 11 views

BIT-PHP-MIN-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

CVSS 5.5 | AI score 7.2 | EPSS 0.00565
Exploits 0 | References 9

OSV
added 2023/09/02 11:5 a.m. | 3 views

OESA-2023-1566 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 5.5 | AI score 6.9 | EPSS 0.00565
Exploits 0 | References 2

RedHat Linux
added 2023/05/09 10:2 a.m. | 5 views

php: phar: infinite loop when decompressing quine gzip file

A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...

CVSS 5.5 | AI score 7.4 | EPSS 0.00565
Exploits 0 | References 5

Ubuntu
added 2023/03/02 12:20 p.m. | 117 views

USN-5905-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. CVE-2022-31628 It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity...

CVSS 9.1 | AI score 7.3 | EPSS 0.49336
Exploits 3

RedHat Linux
added 2023/02/28 8:28 a.m. | 2 views

php: phar: infinite loop when decompressing quine gzip file

A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...

CVSS 5.5 | AI score 7.4 | EPSS 0.00565
Exploits 0 | References 5

BDU FSTEC
added 2023/01/25 12:0 a.m. | 5 views

The vulnerability of the library for working with X Pixmap (XPM) files, libXpm, is related to insecure search paths, allowing attackers to execute arbitrary code with elevated privileges.

The vulnerability of the library for working with X Pixmap XPM files involves the use of the $PATH variable to execute commands responsible for unpacking .Z or .gz files. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...

CVSS 7.1 | AI score 7.3 | EPSS 0.01199
Exploits 0 | References 14 | Affected Software 9

Tenable Nessus
added 2023/01/20 12:0 a.m. | 41 views

openSUSE 15 Security Update : php7 (SUSE-SU-2022:3830-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3830-1 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infini...

CVSS 6.5 | AI score 7.3 | EPSS 0.49336
Exploits 2 | References 7

Tenable Nessus
added 2022/12/23 12:0 a.m. | 36 views

Fedora 36 : php (2022-0b77fbd9e7)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-0b77fbd9e7 advisory. PHP version 8.1.11 29 Sep 2022 Core: Fixed bug php81726: phar wrapper: DOS when using quine gzip file. CVE-2022-31628. cmb Fixed bug php81727: Don't...

CVSS 6.5 | AI score 7.2 | EPSS 0.49336
Exploits 2 | References 3

Tenable Nessus
added 2022/10/05 12:0 a.m. | 66 views

PHP 7.4.x < 7.4.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

CVSS 6.5 | AI score 7.1 | EPSS 0.49336
Exploits 2 | References 3

Tenable Nessus
added 2022/10/05 12:0 a.m. | 48 views

PHP 8.0.x < 8.0.24 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

CVSS 6.5 | AI score 7.1 | EPSS 0.49336
Exploits 2 | References 3

NVD
added 2022/09/28 11:15 p.m. | 20 views

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

CVSS 5.5 | EPSS 0.00565
Exploits 0 | References 8

OSV
added 2022/09/28 11:15 p.m. | 3 views

UBUNTU-CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

CVSS 5.5 | AI score 6.8 | EPSS 0.00565
Exploits 0 | References 7