
28 matches found

Snyk
added 2026/03/25 9:14 p.m., 0 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...

CVSS 6.4, AI score 6, EPSS 0.00053
Exploits: 1, References: 2
RedhatCVE
added 2026/01/07 9:16 a.m., 5 views

CVE-2025-1945

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...

CVSS 9.8, AI score 7.4, EPSS 0.00871
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-5498

Malware in sbrugna...

CVSS 9.3, AI score 6.4, EPSS 0.00313
Exploits: 6, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-0134

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.01306
Exploits: 0, References: 7
Veracode
added 2025/08/18 8:34 a.m., 2 views

Denial Of Service (DoS)

OpenEXR is vulnerable to denial of service (DoS). The vulnerability is due to improper input validation due to trusting unvalidated dataWindow size values from file headers, leading to excessive memory allocation and performance degradation...

CVSS 5.5, AI score 5.9, EPSS 0.00133
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2025/08/01 5:15 p.m., 1 views

DEBIAN-CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5, AI score 5.3, EPSS 0.00133
Exploits: 1, References: 1
Microsoft CVE
added 2024/09/26 7:0 a.m., 1 views

Regular-expression DoS when parsing TarFile headers

...

CVSS 7.5, AI score 6.9, EPSS 0.03014
Exploits: 2
OSV
added 2024/03/06 11:1 a.m., 20 views

BIT-GOLANG-2022-2879 Unbounded memory consumption when reading headers in archive/tar

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 6.5, EPSS 0.00016
Exploits: 0, References: 6
Tenable Nessus
added 2024/01/24 12:0 a.m., 34 views

RHCOS 4 : OpenShift Container Platform 4.12.22 (RHSA-2023:3613)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3613 advisory. - golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers (CVE-2022-2879) - golang:...

CVSS 7.5, AI score 6.8, EPSS 0.00098
Exploits: 1, References: 16
Tenable Nessus
added 2023/05/31 12:0 a.m., 23 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18-openssl (SUSE-SU-2023:2312-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2312-1 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before G...

CVSS 7.8, AI score 7.7, EPSS 0.00564
Exploits: 9, References: 88
Ubuntu
added 2023/04/25 10:23 a.m., 77 views

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain...

CVSS 9.8, AI score 7.5, EPSS 0.00759
Exploits: 7
RedhatCVE
added 2023/02/09 9:20 p.m., 44 views

CVE-2022-2879

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

CVSS 6.5, AI score 7.4, EPSS 0.00016
Exploits: 0, References: 5
UbuntuCve
added 2022/10/14 3:15 p.m., 28 views

CVE-2022-2879

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 6.8, EPSS 0.00016
Exploits: 0, References: 6
Debian CVE
added 2022/10/14 12:0 a.m., 103 views

CVE-2022-2879

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 6.6, EPSS 0.00016
Exploits: 0
AlpineLinux
added 2022/10/14 12:0 a.m., 24 views

CVE-2022-2879

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 7.9, EPSS 0.00016
Exploits: 0
OSV
added 2022/10/06 4:26 p.m., 24 views

GO-2022-1037 Unbounded memory consumption when reading headers in archive/tar

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 6.5, EPSS 0.00016
Exploits: 0, References: 3
Kitploit
added 2022/04/28 12:30 p.m., 23 views

Rip Raw - Small Tool To Analyse The Memory Of Compromised Linux Systems

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps from Linux systems. This enables you to analyse systems without needing to generate a profile. This is not a...

AI score 7.3
Exploits: 0, References: 3
OPENSUSE Linux
added 2019/08/01 12:0 a.m., 97 views

Security update for rmt-server (important)

openSUSE Security Update: Security update for rmt-server Announcement ID: openSUSE-SU-2019:1824-1 Rating: important References: 1128858 1129271 1129392 1132160 1132690 1134190 1134428 1135222 1136020 1136081 1138316 1140492 Cross-References: CVE-2019-11068 CVE-2019-5419 Affected Products: openSUS...

CVSS 9.8, AI score 8.7, EPSS 0.12118
Exploits: 3, References: 12
FreeBSD
added 2017/11/07 12:0 a.m., 13 views

mybb -- multiple vulnerabilities

myBB Team reports: High risk: Installer RCE on configuration file write; High risk: Language file headers RCE; Medium risk: Installer XSS; Medium risk: Mod CP Edit Profile XSS; Low risk: Insufficient moderator permission check in delayed moderation tools; Low risk: Announcements HTML filter bypass; Low...

AI score 0.4
Exploits: 0, References: 1
n0where
added 2016/09/16 2:47 a.m., 1074 views

Python Windows Event Log Parser: python-evtx

Python Windows Event Log Parser: python-evtx is a pure Python parser for recent Windows Event Log files (those with the file extension “.evtx”). The module provides programmatic access to the File and Chunk headers, record templates, and event entries. For example, you can use python-evtx to review...

AI score 0.8
Exploits: 0, References: 1