Linux Distros Unpatched Vulnerability : CVE-2020-10809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress located in decompress.c. It can be triggered by...
Linux Distros Unpatched Vulnerability : CVE-2023-38648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can...
Linux Distros Unpatched Vulnerability : CVE-2023-35960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-35963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-35956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst...
Linux Distros Unpatched Vulnerability : CVE-2023-38657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to...
Linux Distros Unpatched Vulnerability : CVE-2023-35959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-35961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2018-14682
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression. CVE-2018-14682...
CVE-2025-38627
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic. The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing post_read_wq has not bee...
[SECURITY] Fedora 42 Update: suricata-7.0.11-1.fc42
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Linux Distros Unpatched Vulnerability : CVE-2023-51105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4 of load-bmp.c. CVE-2023-51105 Note...
Linux Distros Unpatched Vulnerability : CVE-2024-11477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
Heap-based Buffer Overflow
OpenEXR is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper memory handling due to a maliciously forged chunk header when decompressing ZIPS-packed deep scan-line EXR files...
Linux Distros Unpatched Vulnerability : CVE-2025-48072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 i...
Joomla! Code Issue Vulnerability
Joomla! is a free, open source content management system from Joomla! A code issue vulnerability exists in Joomla! versions 1.0.0-4.0.0 and 5.0.0-5.0.1, which stems from a flaw in the decompression feature that could lead to remote code execution...
OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24799)
OpenEXR is an open standard for high dynamic range image HDR file formats. A heap buffer overflow vulnerability exists in OpenEXR versions 3.3.0 through 3.3.2 when decompressing ZIPS-compressed deep scanline EXR files, which originates from a write operation out of bounds when processing...
Linux Distros Unpatched Vulnerability : CVE-2025-24294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within ...
Medium: ruby3.2
Issue Overview: The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...