Lucene search
K

44 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-39945

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.01493EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-7721

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.01747EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18505

Malicious code in bioql PyPI...

3.3CVSS6.2AI score0.00149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 a.m.9 views

CVE-2019-18370

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...

9.8CVSS7.5AI score0.40295EPSS
Exploits2References1
OSV
OSV
added 2025/03/17 8:16 p.m.18 views

RLSA-2025:0925 Moderate: bzip2 security update

The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fixes: bzip2: bzip2: Data integrity error when decompressing with data integrity test...

4.4CVSS7AI score0.08042EPSS
Exploits0References2
OSV
OSV
added 2025/03/12 8:11 p.m.21 views

CVE-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

8.7CVSS8.5AI score0.01359EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2022-49078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've...

7.8CVSS6.3AI score0.00254EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-52497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for...

6.1CVSS6.2AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2025/02/05 8:0 a.m.16 views

CURL-CVE-2025-0725 gzip integer overflow

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

7.3CVSS5.7AI score0.01218EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/02/04 9:23 a.m.24 views

Moderate: Red Hat Security Advisory: bzip2 security update

An update for bzip2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6.7AI score0.08042EPSS
Exploits0References2
Amazon
Amazon
added 2024/08/15 12:0 a.m.14 views

Medium: nerdctl

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS7.2AI score0.91969EPSS
Exploits1
CNNVD
CNNVD
added 2024/04/06 12:0 a.m.6 views

archiver 路径遍历漏洞

archiver is a compression/decompression utility program. A path traversal vulnerability exists in archiver. An attacker could use this vulnerability to create specially crafted tar files that, when decompressed, could allow access to restricted files or directories...

7.8CVSS5.8AI score0.00928EPSS
Exploits1References3
OSV
OSV
added 2024/03/09 1:15 a.m.4 views

AZL-35844 CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.4AI score0.01956EPSS
Exploits0References1
OSV
OSV
added 2024/01/08 3:15 p.m.4 views

CVE-2023-35959

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns .ghw...

7.8CVSS8.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/08 2:47 p.m.3 views

CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS8AI score0.01493EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.4 views

PT-2024-12749 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple out-of-bounds write vulnerabilities exist in the VZT vzt rd get facname decompression functionality. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open...

7.8CVSS8.4AI score0.01493EPSS
Exploits82References132
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.4 views

SUSE CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

5CVSS5.6AI score0.04422EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.3 views

SUSE CVE-2017-2991

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec related to decompression. Successful exploitation could lead to arbitrary code execution...

8.8CVSS9AI score0.08666EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.6 views

CVE-2022-41642

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

7.7AI score0.02067EPSS
Exploits0References3
OSV
OSV
added 2022/10/18 11:28 a.m.6 views

SUSE-SU-2022:3617-1 Security update for netty

This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932 - CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103 - CVE-2021-37136: Bzip2Decoder doesn't...

7.5CVSS6.9AI score0.09438EPSS
Exploits1References9
Rows per page
Query Builder