
48 matches found

CVE
added 2026/04/08 8:5 p.m. | 3 views

CVE-2026-39414

CVE-2026-39414 affects MinIO’s S3 Select CSV parsing. The CSV reader’s nextSplit() calls ReadBytes('\n') without a size limit, causing unbounded buffering and memory exhaustion (OOM) when processing long lines; a file with no newline can trigger a single large allocation. This can be exploited by...

CVSS 7.1 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2026/03/28 12:46 a.m. | 7 views

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

BCFtools is a set of utilities that manipulate genomic variant calls in the Variant Call Format (VCF) and its binary counterpart BCF. All commands work transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed. This BCFtools includes the polysomy subcommand, which is implemented...

CVSS 8.8 | AI score 5.9 | EPSS 0.0007
Exploits: 0

Positive Technologies
added 2026/02/03 12:0 a.m. | 1 view

PT-2026-6384

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

CVSS 5.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-2292

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.30.1. Description: A potential denial of service (DoS) condition exists in cpp-httplib due to the way it handles compressed HTTP request bodies, specifically those using gzip or br compression. The library checks th...

CVSS 8.7 | AI score 6.4 | EPSS 0.00183
Exploits: 6 | References: 18

NVD
added 2025/12/09 8:15 p.m. | 1 view

CVE-2025-66214

Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/storage and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable conten...

CVSS 8.8 | EPSS 0.00249
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-23546

Malware in sbrugna...

CVSS 7.8 | AI score 7.5 | EPSS 0.00376
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2010-2338

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00527
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-8616

Malicious code in bioql PyPI...

CVSS 4.5 | AI score 6.6 | EPSS 0.00032
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-7486

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00271
Exploits: 0 | References: 5

OSV
added 2025/07/11 8:34 a.m. | 1 view

SUSE-SU-2025:02282-1 Security update for umoci

This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...

CVSS 5 | AI score 9.4 | EPSS 0.00383
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 8:35 a.m. | 5 views

CVE-2019-25072

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...

CVSS 7.5 | AI score 6.6 | EPSS 0.00271
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:32 a.m. | 6 views

CVE-2010-2328

The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression...

CVSS 5 | AI score 6.7 | EPSS 0.00527
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/30 1:36 p.m. | 9 views

CVE-2025-0986

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...

CVSS 4.5 | AI score 6.8 | EPSS 0.00032
Exploits: 0 | References: 1

NVD
added 2025/03/28 2:15 p.m. | 5 views

CVE-2025-0986

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...

CVSS 4.5 | EPSS 0.00032
Exploits: 0 | References: 1

CVE
added 2025/03/28 1:21 p.m. | 54 views

CVE-2025-0986

CVE-2025-0986 affects IBM PowerVM Hypervisor FW1050.00–FW1050.30 and FW1060.00–FW1060.20. A local user, under certain Linux processor-compatibility mode configurations, can cause undetected data loss or errors when gzip is accelerated by hardware. IBM’s bulletin notes this is mitigated by upgradi...

CVSS 4.5 | AI score 6.5 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/28 1:21 p.m. | 16 views

CVE-2025-0986 IBM PowerVM Hypervisor data manipulation

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...

CVSS 4.5 | EPSS 0.00032
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/28 1:21 p.m. | 10 views

CVE-2025-0986 IBM PowerVM Hypervisor data manipulation

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...

CVSS 4.5 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | References: 1

CNNVD
added 2025/03/28 12:0 a.m. | 1 view

IBM PowerVM Hypervisor security vulnerability

IBM PowerVM Hypervisor is an application from International Business Machines (IBM), Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

CVSS 4.5 | AI score 6.3 | EPSS 0.00032
Exploits: 0 | References: 4

Tenable Nessus
added 2025/02/01 12:0 a.m. | 2 views

Fedora 41 : rust-routinator (2025-bbabead4d7)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bbabead4d7 advisory. New ASPA support is now always compiled in and available if enable-aspa is set. The aspa Cargo feature has been removed. 990 If merging multiple ASPA objects...

CVSS 7.5 | AI score 5.5 | EPSS 0.00102
Exploits: 0 | References: 2

Talos
added 2024/04/17 12:0 a.m. | 52 views

Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1863: Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability. April 17, 2024. CVE Number: CVE-2023-43491. Summary: An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of...

CVSS 9.8 | AI score 6.6 | EPSS 0.0132
Exploits: 3