Lucene search
K

125 matches found

Mageia
Mageia
added 2026/01/17 2:48 a.m.11 views

Updated python-urllib3 packages fix security vulnerabilities

urllib3 allows an unbounded number of links in the decompression chain. CVE-2025-66418 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects streaming API. CVE-2026-21441...

8.9CVSS7AI score0.02667EPSS
Exploits0References3
Amazon
Amazon
added 2026/01/05 12:0 a.m.5 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9CVSS6.8AI score0.00633EPSS
Exploits0
Veracode
Veracode
added 2025/12/13 5:16 a.m.13 views

Information Disclosure

Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed compressed data in decompression routines, which allows an attacker to craft input that leaks previous buffer contents and expose sensitive data...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.5 views

PT-2025-51030

Name of the Vulnerable Software and Affected Versions Aircompressor versions 3.3 and below Description Aircompressor is a Java library providing ports of Snappy, LZO, LZ4, and Zstandard compression algorithms. Incorrect handling of malformed data in the Java-based decompressor implementations for...

9.8CVSS7.5AI score0.00363EPSS
Exploits0References99
RedHat Linux
RedHat Linux
added 2025/12/11 7:50 p.m.4 views

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

7.5CVSS5.7AI score0.00539EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/05 6:54 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

8.8CVSS6.7AI score0.00647EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/05 6:54 p.m.4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

8.8CVSS6.6AI score0.00647EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/05 6:54 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview net.jpountz.lz4:lz4 is a package for LZ4 compression for Java Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive...

8.8CVSS6.7AI score0.00647EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/05 6:54 p.m.3 views

Insertion of Sensitive Information Into Sent Data

Overview org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An...

8.8CVSS6.7AI score0.00647EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-24405

Malware in sbrugna...

6.5CVSS6.5AI score0.01087EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-35964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

7.8CVSS7.3AI score0.01481EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-35963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

7.8CVSS7.3AI score0.01481EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-35961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

7.8CVSS7.3AI score0.01493EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/24 12:0 a.m.2 views

WWBN AVideo 竞争条件问题漏洞

WWBN AVideo is a video platform builder written in PHP by WWBN team. A competitive condition issue vulnerability exists in WWBN AVideo version 14.4, which stems from a competitive condition in the aVideoEncoder.json.php decompression function that could lead to arbitrary code execution...

8.8CVSS8.1AI score0.00974EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.5 views

CVE-2020-26082

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

5.8CVSS7AI score0.00623EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/05/21 5:0 p.m.6 views

CVE-2025-5031 Ackites KillWxapkg wxapkg File Decompression resource consumption

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...

3.1CVSS6.8AI score0.0036EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/02/26 1:54 a.m.4 views

CVE-2022-49078

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

7.8CVSS5.7AI score0.00254EPSS
Exploits0
CVE
CVE
added 2025/02/12 3:15 p.m.68 views

CVE-2025-0332

CVE-2025-0332 affects Progress Telerik UI for WinForms. Prior to 2025 Q1 (2025.1.211), improper limitation of a target path enables path traversal when decompressing archive contents into a restricted directory. Impact involves potential exposure/manipulation of data (confidentiality, integrity, ...

9.8CVSS7.6AI score0.00374EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/24 1:37 p.m.4 views

OESA-2025-1075 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavio...

5.9CVSS6.8AI score0.02085EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.3 views

PT-2024-40946 · Ruzstd · Ruzstd

Name of the Vulnerable Software and Affected Versions: ruzstd affected versions not specified Description: The issue arises from miscalculations in the length of the allocated and init section of the internal RingBuffer in ruzstd. This leads to uninitialized or out-of-bounds reads in copy bytes...

6.8AI score
Exploits0References5
Rows per page
Query Builder