44 matches found
EUVD-2023-39945
Malicious code in bioql PyPI...
EUVD-2021-7721
Malicious code in bioql PyPI...
EUVD-2025-18505
Malicious code in bioql PyPI...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
RLSA-2025:0925 Moderate: bzip2 security update
The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fixes: bzip2: bzip2: Data integrity error when decompressing with data integrity test...
CVE-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...
Linux Distros Unpatched Vulnerability : CVE-2022-49078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've...
Linux Distros Unpatched Vulnerability : CVE-2023-52497
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for...
CURL-CVE-2025-0725 gzip integer overflow
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
Moderate: Red Hat Security Advisory: bzip2 security update
An update for bzip2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Medium: nerdctl
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
archiver 路径遍历漏洞
archiver is a compression/decompression utility program. A path traversal vulnerability exists in archiver. An attacker could use this vulnerability to create specially crafted tar files that, when decompressed, could allow access to restricted files or directories...
AZL-35844 CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2023-35959
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns .ghw...
CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
PT-2024-12749 · Gtkwave · Gtkwave
Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple out-of-bounds write vulnerabilities exist in the VZT vzt rd get facname decompression functionality. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open...
SUSE CVE-2015-2188
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...
SUSE CVE-2017-2991
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec related to decompression. Successful exploitation could lead to arbitrary code execution...
CVE-2022-41642
OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...
SUSE-SU-2022:3617-1 Security update for netty
This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932 - CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103 - CVE-2021-37136: Bzip2Decoder doesn't...