125 matches found
Updated python-urllib3 packages fix security vulnerabilities
urllib3 allows an unbounded number of links in the decompression chain. CVE-2025-66418 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects streaming API. CVE-2026-21441...
Medium: python-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...
Information Disclosure
Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed compressed data in decompression routines, which allows an attacker to craft input that leaks previous buffer contents and expose sensitive data...
PT-2025-51030
Name of the Vulnerable Software and Affected Versions Aircompressor versions 3.3 and below Description Aircompressor is a Java library providing ports of Snappy, LZO, LZ4, and Zstandard compression algorithms. Incorrect handling of malformed data in the Java-based decompressor implementations for...
resolv: Denial of Service in resolv gem
A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...
Insertion of Sensitive Information Into Sent Data
Overview net.jpountz.lz4:lz4 is a package for LZ4 compression for Java Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive...
Insertion of Sensitive Information Into Sent Data
Overview org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An...
EUVD-2020-24405
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-35964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-35963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-35961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
WWBN AVideo 竞争条件问题漏洞
WWBN AVideo is a video platform builder written in PHP by WWBN team. A competitive condition issue vulnerability exists in WWBN AVideo version 14.4, which stems from a competitive condition in the aVideoEncoder.json.php decompression function that could lead to arbitrary code execution...
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
CVE-2025-5031 Ackites KillWxapkg wxapkg File Decompression resource consumption
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
CVE-2022-49078
In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...
CVE-2025-0332
CVE-2025-0332 affects Progress Telerik UI for WinForms. Prior to 2025 Q1 (2025.1.211), improper limitation of a target path enables path traversal when decompressing archive contents into a restricted directory. Impact involves potential exposure/manipulation of data (confidentiality, integrity, ...
OESA-2025-1075 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavio...
PT-2024-40946 · Ruzstd · Ruzstd
Name of the Vulnerable Software and Affected Versions: ruzstd affected versions not specified Description: The issue arises from miscalculations in the length of the allocated and init section of the internal RingBuffer in ruzstd. This leads to uninitialized or out-of-bounds reads in copy bytes...