Path traversal

A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2022-4402 RainyGao DocSys ZIP File Decompression path traversal

A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...

PT-2022-27082 · Unknown · Rainygao Docsys

Name of the Vulnerable Software and Affected Versions: RainyGao DocSys version 2.02.37 Description: A critical vulnerability has been found in the ZIP File Decompression Handler component of RainyGao DocSys. The issue allows for path traversal, specifically using '../filedir', and can be initiate...

Amazon Linux AMI : curl (ALAS-2022-1646)

The version of curl installed on the remote host is prior to 7.61.1-12.101. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1646 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly...

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

OS Command Injection

nadesiko3 is vulnerable to OS command injection. The vulnerability exists due to compression and decompression which allows an attacker to inject and execute arbitrary commands...

GHSA-M8R5-7WF4-63MW Nadesiko3 OS Command Injection vulnerability

OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...

Nadesiko3 OS Command Injection vulnerability

OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...

CVE-2022-41642

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

Command injection

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

CVE-2022-41642

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

PT-2022-25999 · Nadesiko3 · Nadesiko3

Name of the Vulnerable Software and Affected Versions: Nadesiko3 PC Version versions 3.3.61 and earlier Nadesiko3 PC Version versions 3.3.68 and earlier Description: The issue allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

SUSE SLED15: gstreamer-plugins-good / gstreamer-plugins-good-32bit / etc (SUSE-SU-2022:3908-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3908-1 advisory. - CVE-2022-1920: Fixed integer overflow in WavPack header handling code bsc1201688. -...

SUSE-SU-2022:3906-1 Security update for gstreamer-0_10-plugins-good

This update for gstreamer-010-plugins-good fixes the following issues: - CVE-2022-1920: Fixed an integer overflow while parsing matroska files bsc1201688. - CVE-2022-1921: Fixed an integer overflow while parsing avi files bsc1201693. - CVE-2022-1922: Fixed an integer overflow during mkv demuxing...

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. CVE-2022-322...

Denial of Service (DoS)

Overview apple/swift-nio-extras is an useful code around SwiftNIO. Affected versions of this package are vulnerable to Denial of Service DoS. When using the .size decompression limit, request & response decompression checks the size of compressed instead of decompressed bytes. Details Denial of...

EulerOS 2.0 SP3 : gstreamer1-plugins-good (EulerOS-SA-2022-2612)

According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing...

SUSE-SU-2022:3760-1 Security update for netty

This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932 - CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103 - CVE-2021-37136: Bzip2Decoder doesn't...