CLSA-2026-1778489354 python2: Fix of CVE-2026-6100

CVE-2026-6100: defensively null bzs-nextin on the error path of BZ2Decompdecompress to align with upstream; the UAF window does not exist in Python 2.7 nextin is reassigned at function entry, lzma/gzip are not C extensions...

CVE-2026-20057

Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications VBA feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA...

CVE-2026-20058

Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit...

CVE-2026-20057

Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications VBA feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA...

CVE-2026-20054

Cisco CVE-2026-20054 affects Snort 3 VBA feature. The vulnerability stems from improper error checking when decompressing VBA data, allowing an unauthenticated attacker to send crafted VBA to the Snort 3 Detection Engine and force an infinite loop, resulting in DoS. CVSS‑3.1 metrics: AV:N/AC:L/PR...

Cisco IOS XE和Cisco Secure Firewall Threat Defense 数字错误漏洞

Cisco IOS XE and Cisco Secure Firewall Threat Defense are both products of the American company Cisco. Cisco IOS XE is an operating system. It serves as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN operations. Cisco IOS XE reduces the complexity o...

EUVD-2020-6263

Malware in sbrugna...

EUVD-2018-6576

Malware in sbrugna...

EUVD-2023-27097

Malicious code in bioql PyPI...

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

CVE-2020-14104

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...

ALSA-2025:0733 Moderate: bzip2 security update

The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fixes: bzip2: bzip2: Data integrity error when decompressing with data integrity test...

`ruzstd` uninit and out-of-bounds memory reads

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copybytesovershooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data wh...

CVE-2020-14104

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...

Race condition

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...

CVE-2020-14104

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...

AZL-6342 CVE-2021-28831 affecting package busybox for versions less than 1.32.0-2

decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CentOS 7 : libarchive (RHSA-2020:0203)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0203 advisory. - archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to...