Lucene search
K

129 matches found

NVD
NVD
added 8 hours ago6 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42960

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57215

Name of the Vulnerable Software and Affected Versions adm-zip versions prior to 0.5.18 Description A denial-of-service issue exists when parsing crafted ZIP files with a manipulated uncompressed size header field. The library allocates memory based on the declared uncompressed size from the ZIP...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References5
CVE
CVE
added 5 days ago11 views

CVE-2026-39244

The CVE-2026-39244 entry concerns adm-zip before 0.5.18 and describes a denial-of-service vulnerability triggered by a crafted ZIP file with a manipulated uncompressed size header. The root cause is that zipEntry.js allocates memory using Buffer.alloc(_centralHeader.size) based on the uncompresse...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

The ‘zipfile’ module does not check the validity of the offset value specified in the ZIP64 End of Central Directory EOCD Locator record. Instead, the ZIP64 EOCD record is assumed to be the previous record in the ZIP archive. This behavior could be exploited to create ZIP archives that are...

4.3CVSS6.4AI score0.00353EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Krajowa Izba Rozliczeniowa SzafirHost 代码问题漏洞

Krajowa Izba Rozliczeniowa SzafirHost is an electronic signature server component developed by the Polish company Krajowa Izba Rozliczeniowa. It provides certificate management and signature processing capabilities. Versions of Krajowa Izba Rozliczeniowa SzafirHost prior to 1.2.1 had code...

8.6CVSS6.2AI score0.00445EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.16 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-014319)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014319 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD...

4.3CVSS6.4AI score0.00353EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/17 6:54 p.m.3 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.4AI score0.00353EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/04/11 7:41 p.m.1 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.4AI score0.00353EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/04/10 7:25 p.m.2 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.4AI score0.00353EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...

7.5CVSS6.7AI score0.01525EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.16 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2026-1256)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

7.5CVSS7AI score0.01525EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

RHEL 9 : python3.12 (RHSA-2026:0354)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0354 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

4.3CVSS6.9AI score0.00353EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : python3.9-3.9.25-2.el9_7 (AXSA:2025-11589:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11589:05 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 cpython: Python HTMLParser quadratic complexity...

6.5CVSS6.4AI score0.00744EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/08 2:45 p.m.8 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

4.3CVSS6.6AI score0.00353EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/08 2:45 p.m.7 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.2AI score0.00353EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/01/08 2:33 p.m.4 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.2AI score0.00353EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/01/08 1:54 p.m.10 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

4.3CVSS6.6AI score0.00353EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/08 1:54 p.m.6 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.2AI score0.00353EPSS
Exploits0References9
OSV
OSV
added 2026/01/07 9:2 a.m.5 views

RLSA-2026:0123 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.9AI score0.00708EPSS
Exploits0References3
Rows per page
Query Builder