Lucene search
K

85 matches found

Github Security Blog
Github Security Blog
added 2026/01/29 3:31 p.m.9 views

Unfurl's unbounded zlib decompression allows decompression bomb DoS

Summary The compressed data parser uses zlib.decompress without a maximum output size. A small, highly compressed payload can expand to a very large output, causing memory exhaustion and denial of service. Details - unfurl/parsers/parsecompressed.py calls zlib.decompressdecoded with no size limit...

8.7CVSS5.9AI score0.00508EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gstmatroskademuxaddwvpkheader CVE-2022-1920 gstreamer-plugins-good: Heap-based buffer overflow i...

7.8CVSS5.9AI score0.00465EPSS
Exploits7References8
GithubExploit
GithubExploit
added 2025/12/31 3:37 p.m.192 views

Exploit for CVE-2025-14847

CVE-2025-14847 MongoBleed MongoDB zlib Compression Memory...

8.7CVSS7AI score0.83007EPSS
Exploits39
The Hacker News
The Hacker News
added 2025/12/29 9:46 a.m.19 views

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 CVSS score: 8.7, which allows an unauthenticated attacker to...

8.7CVSS7.1AI score0.83007EPSS
Exploits39
GithubExploit
GithubExploit
added 2025/12/29 3:20 a.m.266 views

Exploit for CVE-2025-14847

CVE-2025-14847 – MongoDB Unauthenticated Memory‑Leak Exploit...

8.7CVSS6.8AI score0.83007EPSS
Exploits39
GithubExploit
GithubExploit
added 2025/12/28 11:7 p.m.328 views

Exploit for CVE-2025-14847

🩸 MongoBleed - CVE-2025-14847 Security Research Lab...

8.7CVSS7.5AI score0.83007EPSS
Exploits39
GithubExploit
GithubExploit
added 2025/12/26 12:30 a.m.176 views

Exploit for CVE-2025-14847

mongobleed CVE-2025-14847 - MongoDB Unauthenticated Memor...

8.7CVSS7AI score0.83007EPSS
Exploits39
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-34408

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00437EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-25194

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00435EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-38657

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to...

7.8CVSS7.4AI score0.00432EPSS
Exploits1References2
OSV
OSV
added 2025/03/12 8:11 p.m.21 views

CVE-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

8.7CVSS8.5AI score0.01359EPSS
Exploits1References13
RubySec
RubySec
added 2025/03/12 12:0 a.m.14 views

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses

Summary ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before...

8.7CVSS9.3AI score0.01359EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.22 views

RHEL 8 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap corruption in matroska demuxing CVE-2021-3498 Note that Nessus has not tested for this...

7.8CVSS7AI score0.0177EPSS
Exploits0References1
OSV
OSV
added 2024/01/08 3:15 p.m.1 views

DEBIAN-CVE-2023-38657

An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8CVSS8.1AI score0.00432EPSS
Exploits1References1
OSV
OSV
added 2024/01/08 3:15 p.m.3 views

UBUNTU-CVE-2023-38657

An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8CVSS7.5AI score0.00432EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.4 views

PT-2024-12755 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: A specially crafted .lxt2 file can lead to arbitrary code execution due to an out-of-bounds write vulnerability in the LXT2 zlib block decompression functionality. A victim would need to open a malicious...

7.8CVSS8.2AI score0.01493EPSS
Exploits82References132
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.34 views

Oracle Linux 7 : wireshark (ELSA-2020-1047)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1047 advisory. - Resolves: 1557212 - CVE-2018-7418 SIGCOMP dissector crash in packet-sigcomp.c - Resolves: 1588208 - CVE-2018-11362 Out-of-bounds Read in packet-ldss....

7.8CVSS6.5AI score0.03773EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.31 views

AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2023:2260)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2260 advisory. - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potentia...

7.8CVSS8.3AI score0.00465EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.21 views

RHEL 9 : gstreamer1-plugins-good (RHSA-2023:2260)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2260 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contai...

7.8CVSS7.9AI score0.00465EPSS
Exploits7References18
RedHat Linux
RedHat Linux
added 2023/05/09 10:1 a.m.5 views

gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution...

7.8CVSS6.1AI score0.00437EPSS
Exploits1References4
Rows per page
Query Builder