Lucene search

31 matches found

OSV
added 2024/03/09 1:15 a.m. | 7 views

AZL-38130 CVE-2024-28180 affecting package telegraf for versions less than 1.29.4-8

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 | AI score 6.4 | EPSS 0.01956
Exploits: 0 | References: 1
NVD
added 2023/03/22 8:15 p.m. | 18 views

CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

CVSS 7.5 | AI score 7.2 | EPSS 0.00957
Exploits: 0 | References: 2
OSV
added 2022/10/18 11:28 a.m. | 6 views

SUSE-SU-2022:3617-1 Security update for netty

This update for netty fixes the following issues:
- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932
- CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103
- CVE-2021-37136: Bzip2Decoder doesn't...

CVSS 7.5 | AI score 6.9 | EPSS 0.09438
Exploits: 1 | References: 9
OSV
added 2017/08/11 7:29 p.m. | 1 views

CVE-2017-11235

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use-after-free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.07973
Exploits: 0 | References: 3
Cvelist
added 2017/01/10 3:00 p.m. | 30 views

CVE-2016-6581

An HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

AI score 7.4 | EPSS 0.01757
Exploits: 0 | References: 2
securityvulns
added 2010/08/11 12:00 a.m. | 33 views

Microsoft Windows Cinepak codec memory corruption

Memory corruption on data decompression...

CVSS 9.3 | AI score 2.7 | EPSS 0.30895
Exploits: 5 | References: 2 | Affected Software: 1
RedHat Linux
added 2010/06/14 10:28 p.m. | 5 views

flash-plugin: multiple security flaws (APSB10-14)

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and...

CVSS 9.3 | AI score 6.2 | EPSS 0.06751
Exploits: 1 | References: 4
RedHat Linux
added 2010/06/11 4:32 p.m. | 5 views

flash-plugin: multiple security flaws (APSB10-14)

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and...

CVSS 9.3 | AI score 6.2 | EPSS 0.06751
Exploits: 1 | References: 4
securityvulns
added 2010/03/18 12:00 a.m. | 46 views

libpng DoS

Resource exhaustion on data decompression in png_decompress_chunk...

CVSS 7.8 | AI score 2.2 | EPSS 0.04208
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2006/09/27 12:00 a.m. | 33 views

GLSA-200609-13 : gzip: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200609-13 (gzip: Multiple vulnerabilities). Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a...

CVSS 7.5 | AI score 6 | EPSS 0.05641
Exploits: 1 | References: 6
Gentoo Linux
added 2006/09/23 12:00 a.m. | 43 views

gzip: Multiple vulnerabilities

Background: gzip, the GNU zip compression utility, is a free and patent unencumbered replacement for the standard compress utility. Description: Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the L...

CVSS 7.5 | AI score 7.6 | EPSS 0.05641
Exploits: 1