python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CLSA-2026-1778489354 python2: Fix of CVE-2026-6100

CVE-2026-6100: defensively null bzs-nextin on the error path of BZ2Decompdecompress to align with upstream; the UAF window does not exist in Python 2.7 nextin is reassigned at function entry, lzma/gzip are not C extensions...

CLSA-2026-1777568294 python2: Fix of CVE-2026-6100

CVE-2026-6100: defensively null bzs-nextin on the error path of BZ2Decompdecompress to align with upstream; the UAF window does not exist in Python 2.7 nextin is reassigned at function entry, lzma/gzip are not C extensions...

MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gstmatroskademuxaddwvpkheader CVE-2022-1920 gstreamer-plugins-good: Heap-based buffer overflow i...

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

PT-2025-31673 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex version 5.5.4.13 Description: The software does not validate a user-controlled string for bz2 decompression, which can lead to command execution as the nobody user. Recommendations: At the moment, there is no information...

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

RHEL 9 : gstreamer1-plugins-good (RHSA-2023:2260)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2260 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contai...