
34 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2001-0087

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00895
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2003-0939

Malware in sbrugna...

CVSS 4.6 | AI score 6.1 | EPSS 0.00413
Exploits: 0 | References: 5

RedhatCVE
added 2025/06/04 12:14 a.m. | 5 views

CVE-2025-49163

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...

CVSS 6.7 | AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 1

CNNVD
added 2025/06/03 12:0 a.m. | 3 views

Arris VIP1113 security vulnerability

The Arris VIP1113 is a set-top box for HD IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from a specially crafted /usr/bin/gunzip file that could lead to arbitrary image booting...

CVSS 6.7 | AI score 6.7 | EPSS 0.00137
Exploits: 0 | References: 2

Vulnrichment
added 2025/06/02 12:0 a.m. | 5 views

CVE-2025-49163

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...

CVSS 6.7 | AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 1

BDU FSTEC
added 2024/01/31 12:0 a.m. | 3 views

The vulnerability of microprogrammed software in Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary code.

The vulnerability of the microprogrammed software of the Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 10 | AI score 8.4 | EPSS 0.00936
Exploits: 0 | References: 4 | Affected Software: 3

SUSE CVE
added 2023/02/15 6:18 a.m. | 3 views

SUSE CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

CVSS 7.5 | AI score 7.7 | EPSS 0.03603
Exploits: 0 | References: 4

OSV
added 2021/10/28 10:12 p.m. | 6 views

CLSA-2021-1635459154 Fix CVE(s): CVE-2021-28831

SECURITY UPDATE: operation on invalid pointer - debian/patches/CVE-2021-28831.patch: decompress_gunzip.c mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. - CVE-2021-28831...

CVSS 7.5 | AI score 5.8 | EPSS 0.02795
Exploits: 0 | References: 1

BDU FSTEC
added 2021/07/02 12:0 a.m. | 3 views

The vulnerability of the `huft_build` function in the `archival/libarchive/decompress_gunzip.c` component of the BusyBox command-line utility suite, related to the manipulation of the null pointer, allows a malicious actor to trigger a denial-of-service attack.

The vulnerability of the huft_build function in the archival/libarchive/decompress_gunzip.c file of the UNIX utility command-line tool BusyBox is related to the use of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created ZIP file...

CVSS 6.5 | AI score 6.6 | EPSS 0.02368
Exploits: 6 | References: 8 | Affected Software: 3

OSV
added 2021/03/19 5:15 a.m. | 2 views

ALPINE-CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | AI score 7 | EPSS 0.02795
Exploits: 0 | References: 1

OSV
added 2021/03/19 5:15 a.m. | 1 views

DEBIAN-CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | AI score 6.8 | EPSS 0.02795
Exploits: 0 | References: 1

Vulnrichment
added 2021/03/19 4:1 a.m. | 3 views

CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | AI score 6.5 | EPSS 0.02795
Exploits: 0 | References: 6

Mageia
added 2017/06/14 3:52 p.m. | 29 views

Updated libcryptopp packages fix security vulnerability

Crypto++'s Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data (CVE-2017-9434)...

CVSS 5.3 | AI score 1.9 | EPSS 0.01369
Exploits: 0 | References: 2

seebug.org
added 2014/07/01 12:0 a.m. | 25 views

Itetris 1.6.1/1.6.2 Privileged Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2139/info Itetris, or Intelligent Tetris, is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 25 views

Samhain Labs 1.x HSFTP Remote Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9715/info hsftp has been found to be prone to a remote print format string vulnerability. This issue is due to the application's improper use of a format printing function. Ultimately this vulnerability could allow for...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

rsync 2.3/2.4/2.5 Signed Array Index Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3958/info A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2013/05/24 12:0 a.m. | 40 views

Fedora 18 : nginx-1.2.9-1.fc18 (2013-8182)

Update to upstream release 1.2.9 which fixes : - CVE-2013-2070 'denial of service or memory disclosure when using proxy_pass' fix build on platforms without gperftools Update to upstream release 1.4.0, which includes support for proxying of WebSocket connections, OCSP stapling, SPDY module, gunzip...

CVSS 5.8 | AI score 5.4 | EPSS 0.11925
Exploits: 3 | References: 3

OpenVAS
added 2010/05/17 12:0 a.m. | 35 views

Fedora Update for boa FEDORA-2010-7645

Check for the Version of boa OpenVAS Vulnerability Test Fedora Update for boa FEDORA-2010-7645 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

CVSS 5 | EPSS 0.12078
Exploits: 2 | References: 2

Fedora
added 2010/05/12 5:55 p.m. | 48 views

[SECURITY] Fedora 12 Update: boa-0.94.14-0.15.rc21.fc12

Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork many copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...

CVSS 5 | AI score 9.4 | EPSS 0.12078
Exploits: 2

Saint
added 2010/02/12 12:0 a.m. | 29 views

Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption

Added: 02/12/2010 CVE: CVE-2010-0031 BID: 38103 OSVDB: 62237 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an...

CVSS 9.3 | AI score 6.4 | EPSS 0.21221
Exploits: 6