
3663 matches found

Tenable Nessus
added 2026/03/10 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : python-urllib3 (EulerOS-SA-2026-1259)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

CVSS 8.9 | AI score 6.1 | EPSS 0.00533
Exploits: 0 | References: 4
CERT
added 2026/03/09 12:0 a.m. | 7 views

Retraction of "Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed ZIP archives"

Overview Malformed ZIP headers can be used to obfuscate malicious content in ZIP files from antivirus detection tools. Despite the presence of malformed headers, custom extraction software can decompress the ZIP archive, allowing potentially malicious payloads to be recovered after successful...

CVSS 7.5 | AI score 6.2 | EPSS 0.15059
Exploits: 4 | References: 2
EUVD
added 2026/03/07 9:30 a.m. | 6 views

EUVD-2026-10138

It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2
OSV
added 2026/03/07 9:16 a.m. | 5 views

CVE-2026-2219

It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2
OSV
added 2026/03/07 9:16 a.m. | 4 views

ALPINE-CVE-2026-2219

It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.4 | EPSS 0.00418
Exploits: 0 | References: 1
OSV
added 2026/03/07 9:16 a.m. | 4 views

UBUNTU-CVE-2026-2219

It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 3
CVE
added 2026/03/07 8:10 a.m. | 69 views

CVE-2026-2219

CVE-2026-2219 affects dpkg-deb in dpkg, where improper validation of the end of the data stream during uncompression of zstd-compressed .deb archives can lead to a denial-of-service (infinite CPU loop). Public records from OSV and OSV-derived advisories confirm patches exist in multiple distribut...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/07 8:10 a.m. | 3 views

CVE-2026-2219

It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2
AlpineLinux
added 2026/03/07 8:10 a.m. | 8 views

CVE-2026-2219

It was discovered that dpkg-deb, a component of dpkg, the Debian package management system, does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2
CNNVD
added 2026/03/07 12:0 a.m. | 5 views

dpkg-deb security vulnerability

dpkg-deb is a package manager in Linux developed by the Debian community. dpkg-deb has a security vulnerability that stems from improper validation of the end of the data stream when decompressing .deb archives compressed with zstd, which could lead to a denial-of-service attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2
The Hacker News
added 2026/03/06 6:44 a.m. | 12 views

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal...

AI score 6.3
Exploits: 0
Tenable Nessus
added 2026/03/06 12:0 a.m. | 6 views

Oracle Linux 10 : delve (ELSA-2026-3864)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-3864 advisory. 1.25.2-2.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-2 - Rebuild with latest Go Tenable has extracted the preceding...

CVSS 10 | AI score 7.3 | EPSS 0.00789
Exploits: 3 | References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 6 views

Oracle Linux 9 : delve (ELSA-2026-3842)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-3842 advisory. 1.25.2-2.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-2 - Rebuild without changes. - Resolves: RHEL-153104 Tenable has extracted the...

CVSS 10 | AI score 7.2 | EPSS 0.00765
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/05 9:39 a.m. | 4 views

CVE-2026-1605

In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated for decompressing t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00367
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/03/05 2:16 a.m. | 5 views

AZL-79271 CVE-2026-3381 affecting package fltk 1.3.8-1

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

CVSS 9.8 | AI score 5.8 | EPSS 0.00548
Exploits: 1 | References: 1
OSV
added 2026/03/05 2:16 a.m. | 5 views

AZL-79410 CVE-2026-3381 affecting package python-tensorflow-estimator 2.11.0-2

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

CVSS 9.8 | AI score 5.8 | EPSS 0.00548
Exploits: 1 | References: 1
OSV
added 2026/03/05 2:16 a.m. | 2 views

AZL-79242 CVE-2026-3381 affecting package clucene 2.3.3.4-38

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

CVSS 9.8 | AI score 5.8 | EPSS 0.00548
Exploits: 1 | References: 1
Oracle linux
added 2026/03/05 12:0 a.m. | 6 views

delve security update

1.25.2-2.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-2 - Rebuild with latest Go...

CVSS 10 | AI score 6.8 | EPSS 0.00789
Exploits: 3
Oracle linux
added 2026/03/05 12:0 a.m. | 9 views

delve security update

1.25.2-2.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-2 - Rebuild without changes. - Resolves: RHEL-153104...

CVSS 10 | AI score 5.9 | EPSS 0.00765
Exploits: 1
IBM Security Bulletins
added 2026/03/04 6:2 a.m. | 11 views

Security Bulletin: Vulnerabilities in MongoDB Server might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Zlib, which is used by MongoDB server. Vulnerabilities include mismatched length fields in Zlib compressed protocol headers that may allow a read of uninitialized heap memory by an unauthenticated client as described by t...

CVSS 8.7 | AI score 5.9 | EPSS 0.83007
Exploits: 39 | Affected Software: 1