MiracleLinux 9 : gzip-1.10-9.el9 (AXSA:2022-3914:03)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3914:03 advisory. gzip: arbitrary-file-write vulnerability (CVE-2022-1271). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 7 : gzip-1.5-11.el7 (AXSA:2022-3181:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3181:02 advisory. gzip: arbitrary-file-write vulnerability (CVE-2022-1271). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 3 : gzip-1.3.5-11.1.1.AXS3 (AXSA:2010-76:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-76:01 advisory. The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Security bugs fixed with this release: CVE-2010-00...
EUVD-2005-1231
Malware in sbrugna...
EUVD-2005-0989
Malware in sbrugna...
EUVD-2006-4326
Malware in sbrugna...
EUVD-2006-4322
Malware in sbrugna...
EUVD-2006-4323
Malware in sbrugna...
EUVD-2019-10462
Malware in sbrugna...
EUVD-2009-2619
Malware in sbrugna...
EUVD-2006-4324
Malware in sbrugna...
jetty-server: Jetty: Gzip Request Body Buffer Corruption
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...
USN-7630-1 resteasy, resteasy3.0 vulnerabilities
It was discovered that RESTEasy made insufficient use of random values in asynchronous jobs. An attacker could possibly use this issue to steal user data. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6345) It was discovered that RESTEasy enabled a vulnerable GZIP decompression module by...
CVE-2024-13009
CVE-2024-13009 (Jetty) affects Jetty 9.4.0–9.4.56 where a gzip error during inflating a request body can cause a buffer to be released incorrectly, potentially corrupting or sharing data between requests. Public IBM bulletins tie this CVE to IBM QRadar SIEM, IBM Storage Scale, and Tivoli Netcool/...
CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
USN-6335-1 busybox vulnerabilities
It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary...
PT-2023-4786 · Atlassian · Confluence +2
Name of the Vulnerable Software and Affected Versions: Okio versions prior to the fixed versions; Bitbucket Data Center and Server versions 7.17.0 through 8.14.0; Confluence Data Center and Server versions 7.13.0 through 8.7.0. Description: The issue is related to the GzipSource class in the Okio...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18-openssl (SUSE-SU-2023:2312-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2312-1 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before G...
SUSE CVE-2006-4334
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference...