
228 matches found

Positive Technologies
added 2025/12/16 12:0 a.m. · 4 views

PT-2025-51675

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The crypto/zstd module contains a flaw where per-CPU streams can be freed multiple times, leading to a double-free issue. This occurs when multiple transform contexts (tfms) are allocated...

CVSS 9.8 · AI score 7.2 · EPSS 0.00378
Exploits 6 · References 414
Fedora
added 2025/12/12 1:34 a.m. · 6 views

[SECURITY] Fedora 43 Update: python-urllib3-2.6.1-1.fc43

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

CVSS 8.9 · AI score 7 · EPSS 0.00533
Exploits 0
OSV
added 2025/12/05 5:16 p.m. · 4 views

UBUNTU-CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

CVSS 8.9 · AI score 6.9 · EPSS 0.00533
Exploits 0 · References 10
Tenable Nessus
added 2025/11/20 12:0 a.m. · 7 views

TencentOS Server 3: mysql:8.0 (TSSA-2024:0079)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0079 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5 · AI score 5.7 · EPSS 0.01782
Exploits 0 · References 76
AstraLinux
added 2025/10/31 4:38 p.m. · 1 views

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 7.1
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-0287

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.8 · EPSS 0.01588
Exploits 0 · References 16
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-50468

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.5 · EPSS 0.00261
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/08/11 6:55 p.m. · 2 views

Malicious code in zstd-jni (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits 0
OSV
added 2025/08/11 6:55 p.m. · 3 views

MAL-2025-6861 Malicious code in zstd-jni (npm)

The package communicates with a domain associated with malicious activity...

AI score 7.1
Exploits 0
SUSE Linux
added 2025/07/11 8:35 a.m. · 2 views

Security update for umoci

This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...

CVSS 5 · AI score 6.8 · EPSS 0.02067
Exploits 0 · References 4
Tenable Nessus
added 2025/05/14 12:0 a.m. · 24 views

Alibaba Cloud Linux 3 : 0032: mysql:8.0 (ALINUX3-SA-2024:0032)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0032 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4899: A vulnerability was found i...

CVSS 7.5 · AI score 5.6 · EPSS 0.01782
Exploits 0 · References 88
OSV
added 2025/05/02 12:14 a.m. · 3 views

OSV-2025-312 Heap-buffer-overflow in ZSTD_decompressMultiFrame

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644 Crash type: Heap-buffer-overflow READ 1. Crash state: ZSTD_decompressMultiFrame, ZSTD_decompressDCtx, zstd_wrap_decompress...

AI score 7.2
Exploits 0 · References 1
Positive Technologies
added 2025/05/02 12:0 a.m. · 3 views

PT-2025-31420 · Git · C-Blosc2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644 Crash type: Heap-buffer-overflow READ 1. Crash state: ZSTD_decompressMultiFrame, ZSTD_decompressDCtx, zstd_wrap_decompress...

AI score 7.3
Exploits 0 · References 2
vulnersOsv
added 2025/03/20 9:30 a.m. · 2 views

com.weicoder:seata (>=3.5.1 <=3.6.2), io.seata:seata-compressor-all (>=1.5.0 <=2.0.0) +7 more potentially affected by CVE-2024-54016 via io.seata:seata-compressor-zstd (>=1.5.0 <=2.0.0)

io.seata:seata-compressor-zstd MAVEN version =1.5.0, =3.5.1, =1.5.0, =1.5.0, =1.8.0, =1.5.0, =1.7.0, =1.8.0, =2.0.0 Source cves: CVE-2024-54016 Source advisory: SNYK:JAVA-IOSEATA-9521514...

CVSS 4.3 · AI score 5.8 · EPSS 0.00528
Exploits 0
vulnersOsv
added 2025/03/20 9:30 a.m. · 3 views

io.xuxiaowei.seata:seata-server (>=2.1.0 <=2.2.0), org.apache.seata:seata-compressor-all (>=2.1.0 <=2.2.0) +5 more potentially affected by CVE-2024-54016 via org.apache.seata:seata-compressor-zstd (>=2.1.0 <=2.2.0)

org.apache.seata:seata-compressor-zstd MAVEN version =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.2.0 Source cves: CVE-2024-54016 Source advisory: SNYK:JAVA-ORGAPACHESEATA-9521513...

CVSS 4.3 · AI score 5.8 · EPSS 0.00528
Exploits 0
Snyk
added 2025/03/20 9:30 a.m. · 3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation: There is no fixed version for io.seata:seata-compressor-zstd...

CVSS 5.3 · AI score 6.9 · EPSS 0.00528
Exploits 0 · References 2
Tenable Nessus
added 2024/12/03 12:0 a.m. · 17 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases / ceph / zstd (CVE-2021-24032)

The version of CBL-Mariner Releases / ceph / zstd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-24032 advisory. - Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for...

CVSS 5.5 · AI score 6 · EPSS 0.00431
Exploits 1 · References 2
AlmaLinux
added 2024/11/12 12:0 a.m. · 16 views

Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

CVSS 6.5 · AI score 5.3 · EPSS 0.00965
Exploits 1 · References 4
Rockylinux
added 2024/11/08 3:56 p.m. · 12 views

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. urllib3 is a powerful, user-friendly HTTP client for Python. urlli...

CVSS 6.5 · AI score 5.3 · EPSS 0.00965
Exploits 1
Tenable Nessus
added 2024/07/25 12:0 a.m. · 17 views

Photon OS 3.0: Zstd PHSA-2022-3.0-0431

An update of the zstd package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0431. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 4.7 · AI score 5.3 · EPSS 0.00346
Exploits 0 · References 2