3663 matches found
[SECURITY] Fedora 40 Update: javaewah-1.1.13-10.fc40
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding RLE compression scheme. The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at...
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a resul...
PT-2024-2212
Name of the Vulnerable Software and Affected Versions jwx versions prior to 1.2.29 jwx versions prior to 2.0.21 Description This issue allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionall...
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...
GHSA-J857-7RVV-VJ97 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...
BIT-TENSORFLOW-2021-37637 Null pointer dereference in `CompressElement` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...
PT-2024-2083
Name of the Vulnerable Software and Affected Versions jwcrypto versions prior to 1.5.6 Description The issue is related to an uncontrolled resource consumption in the jwcrypto library. An attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression...
Mhf - Mobile Helper Framework - A Tool That Automates The Process Of Identifying The Framework/Technology Used To Create A Mobile Application
Mobile Helper Framework is a tool that automates the process of identifying the framework/technology used to create a mobile application. Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform. How work? The tool searches for fil...
SUSE CVE-2023-52526
In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I found some short-lived temporary pages weren't properly...
DEBIAN-CVE-2023-52526
In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I found some short-lived temporary pages weren't properly...
CVE-2023-52497 erofs: fix lz4 inplace decompression
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
CentOS 9 : curl-7.76.1-23.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-23.el9 build changelog. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms,...
WordPress Plugin ImageRecycle pdf & image compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ImageRecycle pdf & image compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ImageRecycle pdf & image compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ImageRecycle pdf & image compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ImageRecycle pdf & image compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ImageRecycle pdf & image compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CentOS 9 : curl-7.76.1-20.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-20.el9 build changelog. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...