3260 matches found
GHSA-PQQP-7CP8-VXVF Ackites KillWxapkg Zip Bomb Resource Exhaustion
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
CVE-2025-5031
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
CVE-2025-5031 Ackites KillWxapkg wxapkg File Decompression resource consumption
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
KillWxapkg Resource Management Error Vulnerability
KillWxapkg is an automated decompiler for WeChat applets by the individual developer Ackites. A resource management error vulnerability exists in KillWxapkg 2.4.1 and earlier versions. It stems from improper handling of wxapkg file decompression and can lead to resource consumption...
Heap Based Buffer Overflow
openexr is vulnerable to a heap-based buffer overflow. The vulnerability is due to bad pointer math during decompression of DWAA-packed scan-line EXR files with a maliciously forged chunk, which allows an attacker to trigger memory corruption and potentially execute arbitrary code...
AZL-61829 CVE-2025-47436 affecting package orc 0.4.31-4
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. It causes memory...
AZL-61836 CVE-2025-47436 affecting package orc 0.4.39-2
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. It causes memory...
CVE-2025-47436 Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. It causes memory...
K000151312: cURL vulnerability CVE-2025-0725
Security Advisory Description: When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. CVE-2025-0725...
Apache ORC Security Vulnerability
Apache ORC is a high-performance columnar storage format from the Apache Foundation, designed for the Hadoop ecosystem to optimize big data query and analysis performance. A security vulnerability exists in Apache ORC 2.1.1 and earlier versions, which stems from a heap buffer overflow in the LZO...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1502)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1503)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1502)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib...
[SECURITY] Fedora 41 Update: xz-5.8.1-2.fc41
XZ Utils are an attempt to make LZMA compression easy to use on free (as in freedom) operating systems. This is achieved by providing tools and libraries which are similar in use to the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorith...
[SECURITY] Fedora 40 Update: xz-5.8.1-2.fc40
XZ Utils are an attempt to make LZMA compression easy to use on free (as in freedom) operating systems. This is achieved by providing tools and libraries which are similar in use to the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorith...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1408)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1407)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
USN-7476-1 python-scrapy vulnerabilities
It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-41125 It was...
OSV-2025-312 Heap-buffer-overflow in ZSTD_decompressMultiFrame
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644 Crash type: Heap-buffer-overflow READ 1 Crash state: ZSTD_decompressMultiFrame ZSTD_decompressDCtx zstd_wrap_decompress...