38 matches found
CVE-2026-57453
A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file...
CI4MS 代码问题漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS from 0.26.0.0 to 0.31.7.0 had code-related vulnerabilities. These vulnerabilities stemmed from the theme upload feature not filtering PHP files within ZIP files. This could allow authenticated users to execute...
SUSE-SU-2026:21013-1 Security update for zlib
This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32combine64 and crc32combinegen64 functions due to missing checks for negative lengths. bsc1258392 - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...
MiracleLinux 9 : golang-1.21.11-1.el9_4 (AXSA:2024-8506:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8506:06 advisory. golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992142)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992142 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...
SUSE-SU-2025:21199-1 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD is not checked by the 'zipfile' module bsc1251305. - CVE-2025-6075: Fixed the value passed to os.path.expandvars is user-controlled a performance...
Amazon Linux 2 : python3, --advisory ALAS2-2025-3041 (ALAS-2025-3041)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3041 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not...
Medium: python3
Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...
EUVD-2018-2573
Malware in sbrugna...
EUVD-2022-41831
Malicious code in bioql PyPI...
EUVD-2024-22166
Malicious code in bioql PyPI...
(0Day) Google Drive ZIP File Mark-of-the-Web Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Google Drive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
TencentOS Server 3: go-toolset (TSSA-2024:0311)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0311 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2020-14067
The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...
RockyLinux 8 : grafana (RLSA-2024:5291)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5291 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789...
CVE-2024-7773
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
RLSA-2024:9102 Moderate: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: Symlink error leads to information disclosure CVE-2022-4122 containers/image:...