26 matches found

Cvelist
added 2026/04/15 10:53 p.m., 18 views

CVE-2026-40192 Pillow is vulnerable to a FITS GZIP decompression bomb

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

CVSS 8.7, EPSS 0.00018
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2007-2226

Malware in sbrugna...

CVSS 4.3, AI score 6, EPSS 0.01475
Exploits 0, References 19

GithubExploit
added 2025/07/29 2:24 p.m., 350 views

Exploit for Deserialization of Untrusted Data in Microsoft

OurSharePoint - CVE-2025-53770 PoC This is a simple C tool...

CVSS 9.8, AI score 9.8, EPSS 0.88536
Exploits 41

OSV
added 2025/03/20 12:32 p.m., 0 views

GHSA-6W62-3JVJ-MFJ6 H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

CVSS 7.5, AI score 5.9, EPSS 0.00408
Exploits 1, References 4

SUSE CVE
added 2023/02/15 6:12 a.m., 2 views

SUSE CVE-2007-2231

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name...

CVSS 4.3, AI score 7, EPSS 0.01475
Exploits 0, References 4

Fedora
added 2022/04/20 7:13 p.m., 39 views

[SECURITY] Fedora 35 Update: gzip-1.10-6.fc35

The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your system, because it is a very commonly used data compression program...

CVSS 8.8, AI score 1.7, EPSS 0.00813
Exploits 0

wpexploit
added 2022/02/17 12:0 a.m., 118 views

UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download

The plugins do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database backup. from io import StringIO import requests import gzip import js...

CVSS 6.5, AI score 1, EPSS 0.01358
Exploits 3, References 2

Fedora
added 2018/06/18 4:20 p.m., 36 views

[SECURITY] Fedora 28 Update: perl-Archive-Tar-2.28-1.fc28

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...

CVSS 7.5, AI score 1.8, EPSS 0.23878
Exploits 1

seebug.org
added 2017/11/08 12:0 a.m., 36 views

Circle with Disney Configuration Restore Photos File Overwrite Vulnerability(CVE-2017-2916)

Summary: An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circ...

AI score 8.9, EPSS 0.00479
Exploits 2

Tenable Nessus
added 2016/05/20 12:0 a.m., 30 views

openSUSE Security Update : librsvg (openSUSE-2016-608)

This librsvg update to version 2.40.15 fixes the following issues : Security issues fixed : - CVE-2016-4348: DoS parsing SVGs with circular definitions rsvgcssnormalizefontsize function boo977986 Bugs fixed : - Actually scale the image if required, regression fix from upstream git bgo760262. -...

CVSS 7.5, AI score 7.2, EPSS 0.03078
Exploits 0, References 2

Tenable Nessus
added 2014/06/13 12:0 a.m., 28 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0174-1)

Fix a file conflict between -devel and -headless package - Update to 2.4.4 bnc858818 - changed from xz to gzipped tarball as the first was not available during update - changed a keyring file due release manager change new one is signed by 66484681 from [email protected], see...

CVSS 10, AI score 6.2, EPSS 0.16596
Exploits 1, References 19

Packet Storm
added 2014/03/25 12:0 a.m., 23 views

qEngine CMS 6.0.0 Database Backup Disclosure

$total return; ifempty$starttime $starttime=time; $now = time; $perc=double$d...

AI score 7.4
Exploits 0

OpenVAS
added 2010/03/02 12:0 a.m., 34 views

Fedora Update for gzip FEDORA-2010-0884

Check for the Version of gzip OpenVAS Vulnerability Test Fedora Update for gzip FEDORA-2010-0884 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 6.8, AI score 8.9, EPSS 0.22601
Exploits 0, References 2

RedHat Linux
added 2008/05/20 2:28 p.m., 3 views

Directory traversal in dovecot with zlib plugin

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name...

CVSS 4.3, AI score 6, EPSS 0.01475
Exploits 0, References 4

CVE
added 2007/12/27 11:0 p.m., 38 views

CVE-2007-6537

CVE-2007-6537 affects WinUAE 1.4.4 and earlier. A stack-based buffer overflow in the zfile_gunzip function (zfile.c) can be triggered by a long filename inside a gzipped archive (gz/adz/roz/hdz) embedded in a compressed floppy disk image, permitting user-assisted remote code execution. The vulner...

CVSS 6.8, AI score 8, EPSS 0.2053
Exploits 1, References 9, Affected Software 1

Cvelist
added 2007/12/27 11:0 p.m., 18 views

CVE-2007-6537

Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image...

AI score 8, EPSS 0.2053
Exploits 1, References 9

Prion
added 2007/10/18 8:17 p.m., 8 views

Design/Logic Flaw

The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element...

CVSS 4.6, AI score 7, EPSS 0.00071
Exploits 0, References 4, Affected Software 1

securityvulns
added 2007/10/18 12:0 a.m., 48 views

CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability

Mathcad Security Vulnerability Briefing - CVE-2007-4600 Synopsis of Vulnerability ========================== The ‘Protect Worksheet’ functionality, used to protect sections Mathcad sheets from alterations, in versions 12 through 14 is easily bypassed allowing access to the protected data due to t...

CVSS 4.6, AI score 6.2, EPSS 0.00071
Exploits 0

OSV
added 2007/04/25 3:19 p.m., 1 views

DEBIAN-CVE-2007-2231

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name...

CVSS 4.3, AI score 6.9, EPSS 0.01475
Exploits 0, References 1

Prion
added 2007/04/25 3:19 p.m., 17 views

Directory traversal

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name...

CVSS 4.3, AI score 6.5, EPSS 0.01475
Exploits 0, References 14, Affected Software 1