3263 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-11477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

CVSS 7.8 · AI score 7.7 · EPSS 0.21985
Exploits: 1 · References: 2

Veracode
added 2025/08/18 8:21 a.m. · 3 views

Heap-based Buffer Overflow

OpenEXR is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper memory handling due to a maliciously forged chunk header when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4 · AI score 5.9 · EPSS 0.00299
Exploits: 1 · References: 6 · Affected Software: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-48072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 i...

CVSS 9.1 · AI score 6.1 · EPSS 0.00475
Exploits: 1 · References: 2

CNNVD
added 2025/08/15 12:0 a.m. · 3 views

Joomla! Code Issue Vulnerability

Joomla! is a free, open source content management system from Joomla! A code issue vulnerability exists in Joomla! versions 1.0.0-4.0.0 and 5.0.0-5.0.1, which stems from a flaw in the decompression feature that could lead to remote code execution...

CVSS 9.2 · AI score 7.8 · EPSS 0.00357
Exploits: 0 · References: 3

CNVD
added 2025/08/11 12:0 a.m. · 2 views

OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24799)

OpenEXR is an open standard for high dynamic range (HDR) image file formats. A heap buffer overflow vulnerability exists in OpenEXR versions 3.3.0 through 3.3.2 when decompressing ZIPS-compressed deep scanline EXR files, which originates from an out-of-bounds write operation when processing...

CVSS 8.4 · AI score 8.1 · EPSS 0.00299
Exploits: 1 · References: 1

Tenable Nessus
added 2025/08/09 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-24294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00539
Exploits: 0 · References: 3

CNNVD
added 2025/08/08 12:0 a.m. · 3 views

7-Zip Security Vulnerability

7-Zip is open source compression software. A security vulnerability exists in versions prior to 7-Zip 25.01 that stems from symbolic links not being handled correctly during decompression...

CVSS 3.6 · AI score 6 · EPSS 0.0069
Exploits: 2 · References: 8

Amazon
added 2025/08/08 12:0 a.m. · 5 views

Medium: ruby3.2

Issue Overview: The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

CVSS 7.5 · AI score 6.8 · EPSS 0.00539
Exploits: 0

Tenable Nessus
added 2025/08/05 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-50193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready. When the user mounts the erofs second...

CVSS 5.5 · AI score 5.2 · EPSS 0.00195
Exploits: 0 · References: 2

Amazon
added 2025/08/04 12:0 a.m. · 6 views

Medium: ruby

Issue Overview: The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

CVSS 7.5 · AI score 6.9 · EPSS 0.00539
Exploits: 0

RedhatCVE
added 2025/08/03 2:14 p.m. · 10 views

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

CVSS 7.8 · AI score 6.7 · EPSS 0.00178
Exploits: 0 · References: 1

NVD
added 2025/08/01 6:15 p.m. · 7 views

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

CVSS 7.8 · EPSS 0.00178
Exploits: 0 · References: 1

RedHat Linux
added 2025/08/01 5:42 p.m. · 3 views

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

CVSS 7.2 · AI score 7.1 · EPSS 0.00432
Exploits: 0 · References: 6

CNNVD
added 2025/08/01 12:0 a.m. · 3 views

ChargePoint Home Flex Security Vulnerability

ChargePoint Home Flex is a series of electric vehicle charging devices from ChargePoint USA. A security vulnerability exists in ChargePoint Home Flex version 5.5.4.13, which originates from an unauthenticated user-controlled bz2 decompression string that could lead to command execution...

CVSS 7.8 · AI score 7.1 · EPSS 0.00178
Exploits: 0 · References: 2

CVE
added 2025/08/01 12:0 a.m. · 14 views

CVE-2025-54564

The CVE-2025-54564 entry affects ChargePoint Home Flex 5.5.4.13. It stems from the uploadsm component failing to validate a user-controlled string during bz2 decompression, enabling command execution as the nobody user. According to the initial data, this is a local vulnerability with a CVSS 3.1 ...

CVSS 7.8 · AI score 7.4 · EPSS 0.00178
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31673 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex version 5.5.4.13 Description: The software does not validate a user-controlled string for bz2 decompression, which can lead to command execution as the nobody user. Recommendations: At the moment, there is no information...

CVSS 7.8 · AI score 6.4 · EPSS 0.00178
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/01 12:0 a.m. · 3 views

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

AI score 7.4 · EPSS 0.00178
Exploits: 0 · References: 1

CNNVD
added 2025/07/31 12:0 a.m. · 3 views

OpenEXR Security Vulnerability

OpenEXR is an open standard for high dynamic range (HDR) image file formats. A heap buffer overflow vulnerability exists in OpenEXR versions 3.3.0 through 3.3.2 when decompressing ZIPS-compressed deep scanline EXR files, which originates from an out-of-bounds write operation when processing...

CVSS 8.4 · AI score 8 · EPSS 0.00299
Exploits: 1 · References: 3

CNNVD
added 2025/07/24 12:0 a.m. · 2 views

WWBN AVideo Race Condition Vulnerability

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A race condition vulnerability exists in WWBN AVideo version 14.4, which stems from a race condition in the aVideoEncoder.json.php decompression function that could lead to arbitrary code execution...

CVSS 8.8 · AI score 8.1 · EPSS 0.00974
Exploits: 1 · References: 1

OSV
added 2025/07/12 4:15 a.m. · 7 views

AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

CVSS 7.5 · AI score 6.7 · EPSS 0.00539
Exploits: 0 · References: 1