85 matches found
Unfurl's unbounded zlib decompression allows decompression bomb DoS
Summary The compressed data parser uses zlib.decompress without a maximum output size. A small, highly compressed payload can expand to a very large output, causing memory exhaustion and denial of service. Details - unfurl/parsers/parsecompressed.py calls zlib.decompressdecoded with no size limit...
MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gstmatroskademuxaddwvpkheader CVE-2022-1920 gstreamer-plugins-good: Heap-based buffer overflow i...
Exploit for CVE-2025-14847
CVE-2025-14847 MongoBleed MongoDB zlib Compression Memory...
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 CVSS score: 8.7, which allows an unauthenticated attacker to...
Exploit for CVE-2025-14847
CVE-2025-14847 – MongoDB Unauthenticated Memory‑Leak Exploit...
Exploit for CVE-2025-14847
🩸 MongoBleed - CVE-2025-14847 Security Research Lab...
Exploit for CVE-2025-14847
mongobleed CVE-2025-14847 - MongoDB Unauthenticated Memor...
EUVD-2022-34408
Malicious code in bioql PyPI...
EUVD-2022-25194
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-38657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to...
CVE-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
Summary ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before...
RHEL 8 : gstreamer-plugins-good (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap corruption in matroska demuxing CVE-2021-3498 Note that Nessus has not tested for this...
DEBIAN-CVE-2023-38657
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...
UBUNTU-CVE-2023-38657
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...
PT-2024-12755 · Gtkwave · Gtkwave
Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: A specially crafted .lxt2 file can lead to arbitrary code execution due to an out-of-bounds write vulnerability in the LXT2 zlib block decompression functionality. A victim would need to open a malicious...
Oracle Linux 7 : wireshark (ELSA-2020-1047)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1047 advisory. - Resolves: 1557212 - CVE-2018-7418 SIGCOMP dissector crash in packet-sigcomp.c - Resolves: 1588208 - CVE-2018-11362 Out-of-bounds Read in packet-ldss....
AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2023:2260)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2260 advisory. - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potentia...
RHEL 9 : gstreamer1-plugins-good (RHSA-2023:2260)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2260 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contai...
gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression
A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution...