35 matches found
CVE-2026-31248
Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...
CVE-2026-31248
Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...
CVE-2026-35465
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...
EUVD-2020-30163
Malware in sbrugna...
EUVD-2006-4325
Malware in sbrugna...
CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 on Linux of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper...
Linux Distros Unpatched Vulnerability : CVE-2006-4335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Array index error in the maketable function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows...
GHSA-MR7H-W2QC-FFC2 pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...
Okio Signed to Unsigned Conversion Error vulnerability
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
CVE-2023-3635
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
CVE-2023-3635
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
CVE-2023-3635 Okio GzipSource unhandled exception Denial of Service
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
CVE-2023-3635 Okio GzipSource unhandled exception Denial of Service
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
CVE-2023-3635
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-2683)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request...
CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 on Linux of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper...
CVE-2020-9342
Summary: CVE-2020-9342 affects the F-Secure AV parsing engine prior to 2020-02-05, enabling a virus-detection bypass via crafted Compression Method data in a GZIP archive. Affected products/versions include Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper on Lin...
CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 on Linux of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper...
Fedora Update for kdeutils FEDORA-2010-6096
Check for the Version of kdeutils OpenVAS Vulnerability Test Fedora Update for kdeutils FEDORA-2010-6096 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Debian DSA-1974-1 : gzip - several vulnerabilities
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic...