Count: 924
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| SUSE-SU-2019:2013-1 Security update for bzip2 | | 1% Low | more than 6 years ago |
| SUSE-SU-2019:2004-1 Security update for bzip2 | | 1% Low | more than 6 years ago |
| SUSE-SU-2019:1846-1 Security update for bzip2 | | 1% Low | more than 6 years ago |
| SUSE-SU-2019:14139-1 Security update for bzip2 | | 1% Low | more than 6 years ago |
| SUSE-SU-2019:1206-2 Security update for bzip2 | | 24% Medium | more than 6 years ago |
| SUSE-SU-2019:1206-1 Security update for bzip2 | | 24% Medium | almost 7 years ago |
| RLSA-2025:0925 Moderate: bzip2 security update | | 1% Low | about 1 year ago |
| RLSA-2025:0733 Moderate: bzip2 security update | | 1% Low | about 1 year ago |
| RLSA-2024:8922 Low: bzip2 security update | | 1% Low | more than 1 year ago |
| GHSA-xv6x-43gq-4hfj PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection | | 1% Low | almost 4 years ago |
| GHSA-w829-6hpw-frjf In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | CVSS3: 7.5 | 0% Low | almost 4 years ago |
| GHSA-w3v2-46wf-pq33 expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | | 0% Low | almost 4 years ago |
| GHSA-v3g4-2m5p-cjh4 An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | CVSS3: 9.8 | 2% Low | almost 4 years ago |
| GHSA-qm57-vhq3-3fwf Header injection possible in Django | CVSS3: 6.1 | 3% Low | almost 5 years ago |
| GHSA-p8vw-m6qq-w42v read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | CVSS3: 6.5 | 0% Low | more than 2 years ago |
| GHSA-mj5j-j2qm-c8g4 In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | CVSS3: 7.8 | 0% Low | almost 4 years ago |
| GHSA-mg3q-2g68-qp7w Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | CVSS3: 6.5 | 24% Medium | almost 4 years ago |
| GHSA-j686-6fc2-2525 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | CVSS3: 9.8 | 1% Low | almost 4 years ago |
| GHSA-h33x-58qw-vqrp Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | CVSS3: 7.5 | 1% Low | almost 4 years ago |
| GHSA-gf62-w85x-fjpv python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | CVSS3: 7.5 | 1% Low | almost 4 years ago |