259 matches found
Fedora 43 : brotli / perl-Alien-Brotli / python-urllib3 (2025-d93200cf16)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-d93200cf16 advisory. Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3: - Fixed a security issue where streaming API could improperly handle highly...
FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6
The 30-year-old Virginia resident evaded capture for years after authorities discovered pipe bombs planted near buildings in Washington, DC, the day before the January 6, 2021, Capitol attack...
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
CVE-2025-64508
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...
OESA-2025-2669 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
CVE-2025-64508
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...
CVE-2025-64508
CVE-2025-64508 affects Bugsink, a self-hosted error-tracking tool. In versions prior to 2.0.5, specially crafted Brotli streams (brotli bombs) can cause memory exhaustion when the server decompresses input before applying limits, enabling a Denial of Service if the DSN is known. The issue is expl...
SUSE CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Allocation of Resources Without Limits or Throttling
Overview brotli is a Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose...
Allocation of Resources Without Limits or Throttling
Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient protection against decompressi...
EUVD-1999-0106
Malware in sbrugna...
EUVD-2004-1725
Malware in sbrugna...
EUVD-2024-35247
Malicious code in bioql PyPI...
EUVD-2023-0733
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. CVE-2023-0475 Note that Nessus relies on the presence ...
BIT-LIBPYTHON-2024-0450 Quoted zip-bomb protection for zipfile
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
CVE-2025-53633
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633
CVE-2025-53633 affects Chall-Manager. The vulnerability arises when decoding a scenario (zip archive): the decoded content size is not checked, allowing potential zip-bomb decompression. Exploitation does not require authentication or authorization. A patch was implemented in commit 14042aa and s...
What Satellite Images Reveal About the US Bombing of Iran's Nuclear Sites
The US concentrated its attack on Fordow, an enrichment plant built hundreds of feet underground. Aerial photos give important clues about what damage the “bunker-buster” bombs may have caused...
PeerTube 安全漏洞
PeerTube is a decentralized video sharing service platform open-sourced by Chocobozzz. It is used to create video projects. PeerTube suffers from a security vulnerability that stems from improper handling of Zip bombs, which can lead to running out of disk space...