8 matches found

Tenable Nessus
added 2025/10/06 12:0 a.m., 2 views

RockyLinux 10 : xz (RLSA-2025:7524)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7524 advisory. xz: XZ has a heap-use-after-free bug in threaded .xz decoder (CVE-2025-31115). Tenable has extracted the preceding description block directly from the RockyLinux...

8.7 CVSS, 6.7 AI score, 0.00041 EPSS
Exploits: 0, References: 3

OSV
added 2025/10/03 7:56 p.m., 3 views

RLSA-2025:7524 Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: xz: XZ has a...

7.5 CVSS, 7.5 AI score, 0.00041 EPSS
Exploits: 0, References: 2

Rockylinux
added 2025/10/03 7:56 p.m., 3 views

xz security update

An update is available for xz. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XZ Utils is an integrated collection of user-space file compression utilities bas...

8.7 CVSS, 7.5 AI score, 0.00041 EPSS
Exploits: 0

FreeBSD
added 2025/07/02 12:0 a.m., 7 views

FreeBSD -- Use-after-free in multi-threaded xz decoder

Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to a use-after-free condition on heap memory. Impact: An attacker may use specifically crafted .xz file to cause multi-threaded xz decoder to crash, or...

8.7 CVSS, 7.5 AI score, 0.00041 EPSS
Exploits: 0

Microsoft CVE
added 2025/04/11 7:0 a.m., 1 views

XZ has a heap-use-after-free bug in threaded .xz decoder

...

8.7 CVSS, 7.8 AI score, 0.00041 EPSS
Exploits: 0

Mageia
added 2025/04/10 12:22 a.m., 24 views

Updated xz packages fix security vulnerability

XZ has a heap-use-after-free bug in threaded .xz decoder. CVE-2025-31115...

8.7 CVSS, 6.9 AI score, 0.00041 EPSS
Exploits: 0, References: 2

OSV
added 2025/04/03 5:36 p.m., 0 views

USN-7414-1 xz-utils vulnerability

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.7 CVSS, 7.3 AI score, 0.00041 EPSS
Exploits: 0, References: 2

Snyk
added 2025/04/02 9:0 p.m., 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free when processing multiple threads in the worker_decoder function in stream_decoder_mt.c. An attacker can cause the input buffer to be freed while a worker-specific thread is still writing to it, triggering a crash. Note: The...

8.7 CVSS, 7.7 AI score, 0.00041 EPSS
Exploits: 0, References: 2