32 matches found
EUVD-2001-0087
Malware in sbrugna...
EUVD-2003-0939
Malware in sbrugna...
CVE-2025-49163
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...
Arris VIP1113 Security Vulnerability
The Arris VIP1113 is a set-top box for HD IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from a specially crafted /usr/bin/gunzip file that could lead to arbitrary image booting...
SUSE CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CLSA-2021-1635459154 Fix CVE(s): CVE-2021-28831
SECURITY UPDATE: operation on invalid pointer - debian/patches/CVE-2021-28831.patch: decompress_gunzip.c mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. - CVE-2021-28831...
DEBIAN-CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...
ALPINE-CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...
CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...
Updated libcryptopp packages fix security vulnerability
Crypto++'s Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data (CVE-2017-9434)...
Samhain Labs 1.x HSFTP Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9715/info hsftp has been found to be prone to a remote print format string vulnerability. This issue is due to the application's improper use of a format printing function. Ultimately this vulnerability could allow for...
Itetris 1.6.1/1.6.2 Privileged Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2139/info Itetris, or Intelligent Tetris, is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular...
rsync 2.3/2.4/2.5 Signed Array Index Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3958/info A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations...
Fedora 18 : nginx-1.2.9-1.fc18 (2013-8182)
Update to upstream release 1.2.9 which fixes: - CVE-2013-2070 'denial of service or memory disclosure when using proxy_pass' fix build on platforms without gperftools Update to upstream release 1.4.0, which includes support for proxying of WebSocket connections, OCSP stapling, SPDY module, gunzip...
Fedora Update for boa FEDORA-2010-7645
Check for the Version of boa OpenVAS Vulnerability Test Fedora Update for boa FEDORA-2010-7645 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
[SECURITY] Fedora 12 Update: boa-0.94.14-0.15.rc21.fc12
Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork many copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...
Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption
Added: 02/12/2010 CVE: CVE-2010-0031 BID: 38103 OSVDB: 62237 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an...
FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...