3202 matches found

CVE
added 2022/07/19 7:10 p.m. · 111 views

CVE-2022-2122

CVE-2022-2122 affects GStreamer gst-plugins-good demuxing in qtdemux, where an overflow/heap overwrite can occur during zlib decompression in qtdemux_inflate, potentially causing a segfault or heap overwrite depending on libc/OS. Affected component: gstreamer gst-plugins-good (mkv/avi demuxers us...

7.8 CVSS · 7.6 AI score · 0.00428 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

AlpineLinux
added 2022/07/19 7:10 p.m. · 30 views

CVE-2022-2122

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a...

7.8 CVSS · 7.9 AI score · 0.00428 EPSS
Exploits: 1

CVE
added 2022/07/19 7:10 p.m. · 117 views

CVE-2022-1925

CVE-2022-1925 affects the GStreamer gst-plugins-good package, specifically the mkv demuxer path. The issue is a heap overflow arising from the matroska demuxing flow: the matroskaparse element lacks size checks in gst_matroska_decompress_data, while the matroskademux path imposes chunk-size restr...

7.8 CVSS · 7.6 AI score · 0.00436 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Debian CVE
added 2022/07/19 7:10 p.m. · 36 views

CVE-2022-1925

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however t...

7.8 CVSS · 7.8 AI score · 0.00436 EPSS
Exploits: 1

AlpineLinux
added 2022/07/19 7:10 p.m. · 37 views

CVE-2022-1925

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however t...

7.8 CVSS · 7.9 AI score · 0.00436 EPSS
Exploits: 1

CVE
added 2022/07/19 7:9 p.m. · 101 views

CVE-2022-1922

CVE-2022-1922 affects gstreamer-plugins-good (MKV demuxing via zlib). Affected component: matroskademux, specifically gst_matroska_decompress_data, where an integer overflow could lead to a segfault or a heap overwrite depending on libc/OS behavior. This is a potential local, low-complexity issue...

7.8 CVSS · 7.7 AI score · 0.00426 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/07/19 7:9 p.m. · 20 views

CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS...

8.1 AI score · 0.00426 EPSS
Exploits: 1 · References: 3

Debian CVE
added 2022/07/19 7:9 p.m. · 29 views

CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS...

7.8 CVSS · 7.9 AI score · 0.00426 EPSS
Exploits: 1

AlpineLinux
added 2022/07/19 7:9 p.m. · 32 views

CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS...

7.8 CVSS · 7.9 AI score · 0.00426 EPSS
Exploits: 1

Microsoft CVE
added 2022/07/19 7:0 a.m. · 2 views

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

...

6.5 CVSS · 7.5 AI score · 0.3197 EPSS
Exploits: 1

Positive Technologies
added 2022/07/19 12:0 a.m. · 2 views

PT-2022-5196 · Gstreamer +8

Name of the Vulnerable Software and Affected Versions: Gstreamer, affected versions not specified. Description: The issue is related to a potential heap overwrite in the qtdemux element using zlib decompression. This is caused by an integer overflow in the qtdemux inflate function, which can result...

8.8 CVSS · 6.9 AI score · 0.01537 EPSS
Exploits: 7 · References: 124

Fedora
added 2022/07/17 1:16 a.m. · 19 views

[SECURITY] Fedora 35 Update: golang-github-ulikunitz-xz-0.5.10-4.fc35

This Go language package supports the reading and writing of xz compressed streams. It includes also a gxz command for compressing and decompressing data. The package is completely written in Go and doesn't have any dependency on any C code...

9.3 CVSS · 9 AI score · 0.05994 EPSS
Exploits: 4

Tenable Nessus
added 2022/07/12 12:0 a.m. · 40 views

Oracle Linux 7 : olcne (ELSA-2022-9587)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9587 advisory. - Address Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224, CVE-2022-29226, CVE-2022-29228, CVE-2022-29227 - Address qemu CVE-2022-26353, CVE-2021-3748...

10 CVSS · 6.8 AI score · 0.02701 EPSS
Exploits: 1 · References: 7

OSV
added 2022/07/08 11:3 a.m. · 4 views

OESA-2022-1744 curl security update

Security Fixes: A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client. CVE-2022-3220...

9.8 CVSS · 6.6 AI score · 0.3197 EPSS
Exploits: 4 · References: 5

OSV
added 2022/07/07 1:15 p.m. · 1 views

DEBIAN-CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 7 AI score · 0.3197 EPSS
Exploits: 1 · References: 1

OSV
added 2022/07/07 1:15 p.m. · 1 views

ALPINE-CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 6.9 AI score · 0.3197 EPSS
Exploits: 1 · References: 1

NVD
added 2022/07/07 1:15 p.m. · 19 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 0.3197 EPSS
Exploits: 1 · References: 11

OSV
added 2022/07/07 1:15 p.m. · 4 views

AZL-10102 CVE-2022-32206 affecting package curl for versions less than 7.84.0-1

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 6.7 AI score · 0.3197 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2022/07/07 12:0 a.m. · 2 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 AI score · 0.3197 EPSS
Exploits: 1 · References: 11

curl security advisories
added 2022/06/27 8:0 a.m. · 5 views

HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

6.5 CVSS · 7.1 AI score · 0.3197 EPSS
Exploits: 1 · References: 1 · Affected Software: 2