CVE-2024-33847 f2fs: compress: don't allow unaligned truncation on released compress inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extraattr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

CVE-2024-33847 f2fs: compress: don't allow unaligned truncation on released compress inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extraattr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

CVE-2024-33847 f2fs: compress: don't allow unaligned truncation on released compress inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extraattr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

WordPress Smush Image Compression and Optimization Plugin <= 3.16.4 is vulnerable to Broken Access Control

Software Smush Image Compression and Optimization Type Plugin Vulnerable versions = 3.16.4 Fixed in 3.16.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3352 Patch priority Low CVSS severity Low 5.4 Developer WPMU DEV PSID d6c54863dce8 Credits Truoc Phan...

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...

GO-2024-2911 go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression

go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression...

GHSA-87M9-RV8P-RGMG go-grpc-compression has a zstd decompression bombing vulnerability

Impact A malicious user could cause a denial of service DoS when using a specially crafted gRPC request. The decompression mechanism for zstd did not respect the limits imposed by gRPC, allowing rapid memory usage increases. Versions v1.1.4 through to v1.2.2 made use of the Decoder.DecodeAll...

go-grpc-compression has a zstd decompression bombing vulnerability

Impact A malicious user could cause a denial of service DoS when using a specially crafted gRPC request. The decompression mechanism for zstd did not respect the limits imposed by gRPC, allowing rapid memory usage increases. Versions v1.1.4 through to v1.2.2 made use of the Decoder.DecodeAll...

Fedora: Security Advisory for rust-szip (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for rust-libcramjam (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for rust-weezl (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

CVE-2024-36124

A flaw was found in the iq80 Snappy compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and thi...

openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0149-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0149-1 advisory. - CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio boo1223422 Tenable has extracted th...

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

RHEL 6 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: Bounds check can be...

[SECURITY] Fedora 39 Update: rust-weezl-0.1.8-2.fc39

Fast LZW compression and decompression...

[SECURITY] Fedora 39 Update: rust-szip-1.0.0-7.fc39

A fast command line tool for snappy compression and decompression...

[SECURITY] Fedora 39 Update: rust-oxipng-9.1.1-3.fc39

A lossless PNG compression optimizer...