3663 matches found

RedHat Linux
added 2023/11/08 3:38 p.m., 9 views

mariadb: compress_write() fails to release mutex on failure

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock...

CVSS 5.5 | AI score 7.4 | EPSS 0.00236
Exploits: 0 | References: 4
RedHat Linux
added 2023/11/07 8:52 a.m., 7 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

CVSS 7.5 | AI score 6.6 | EPSS 0.04561
Exploits: 0 | References: 11
RedHat Linux
added 2023/11/07 8:39 a.m., 1 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

CVSS 7.5 | AI score 6.6 | EPSS 0.04561
Exploits: 0 | References: 11
Tenable Nessus
added 2023/11/07 12:0 a.m., 16 views

Cisco IOS XR Software Compression ACL Bypass (cisco-sa-comp3acl-vGmp6BQ3)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL o...

CVSS 5.8 | AI score 5.9 | EPSS 0.00545
Exploits: 1 | References: 4
Tenable Nessus
added 2023/11/07 12:0 a.m., 38 views

Rocky Linux 9 : curl (RLSA-2022:6157)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6157 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differen...

CVSS 9.8 | AI score 7.3 | EPSS 0.3197
Exploits: 3 | References: 7
Tenable Nessus
added 2023/11/03 12:0 a.m., 15 views

F5 Networks BIG-IP : BIG-IP compression driver vulnerability (K35408374)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K35408374 advisory. - On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x...

CVSS 7.5 | AI score 7.4 | EPSS 0.00904
Exploits: 0 | References: 2
BDU FSTEC
added 2023/10/31 12:0 a.m., 3 views

The vulnerability of the HPACK decoder in the Golang programming language, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the HPACK decoder in the Golang programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a local attacker to cause service failures...

CVSS 7.8 | AI score 6.5 | EPSS 0.04561
Exploits: 0 | References: 15 | Affected Software: 31
ATTACKERKB
added 2023/10/19 10:15 a.m., 7 views

CVE-2022-24402

The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...

CVSS 8.8 | AI score 7.3 | EPSS 0.00552
Exploits: 0 | References: 2
NVD
added 2023/10/19 10:15 a.m., 12 views

CVE-2022-24402

The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...

CVSS 8.8 | AI score 8.7 | EPSS 0.00552
Exploits: 0 | References: 1
OSV
added 2023/10/19 7:52 a.m., 18 views

SUSE-SU-2023:4129-1 Security update for tomcat

This update for tomcat fixes the following issues: Tomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377): - Security issues fixed: CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182) - Update to...

CVSS 7.5 | AI score 8.1 | EPSS 0.99999
Exploits: 19 | References: 5
CNNVD
added 2023/10/19 12:0 a.m., 2 views

zchunk Input Validation Error Vulnerability

zchunk is a compressed file format from zchunk open source. A security vulnerability exists in zchunk that stems from multiple integer overflows in lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. The vulnerability is caused by the presence of an integer overflow in the...

CVSS 7.8 | AI score 7.1 | EPSS 0.00261
Exploits: 0 | References: 5
Wallarm Lab
added 2023/10/16 4:28 p.m., 13 views

What is WAN Acceleration?

Hook: Network Sluggish? Learn What WAN Acceleration Is Ever been in a virtual meeting that froze at the worst possible moment? Or had your staff grumble about slow data transfers that are as slow as molasses? If your answer is a weary "yes," it's high time to turn your eyes toward WAN Acceleratio...

AI score 7.6
Exploits: 0
OpenVAS
added 2023/10/16 12:0 a.m., 21 views

Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 9
Exploits: 5 | References: 2
Fedora
added 2023/10/14 1:27 a.m., 36 views

[SECURITY] Fedora 37 Update: libwebp-1.3.2-2.fc37

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

AI score 8.5
Exploits: 5
OSV
added 2023/10/03 10:36 p.m., 26 views

SUSE-RU-2023:3956-1 Recommended update for mariadb104

This update for mariadb104 fixes the following issues: - Implement version 10.4 of MariaDB (jsc#PED-2455): It is possible to use more than one authentication plugin for each user account. The root user account is being created with the ability to use two authentication plugins. All user accounts,...

CVSS 10 | AI score 7.5 | EPSS 0.6773
Exploits: 104 | References: 419
Fedora
added 2023/10/03 12:20 a.m., 44 views

[SECURITY] Fedora 39 Update: libwebp-1.3.2-2.fc39

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

AI score 7
Exploits: 5
RedhatCVE
added 2023/10/02 10:24 a.m., 65 views

CVE-2023-43642

A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS)...

CVSS 7.5 | AI score 7.1 | EPSS 0.0104
Exploits: 1 | References: 4
OpenVAS
added 2023/10/01 12:0 a.m., 21 views

Fedora: Security Advisory for libwebp (FEDORA-2023-2a0668fe43)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 9
Exploits: 5 | References: 2
Fedora
added 2023/09/30 3:35 a.m., 45 views

[SECURITY] Fedora 38 Update: libwebp-1.3.2-2.fc38

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

AI score 6.6
Exploits: 5
ATTACKERKB
added 2023/09/27 3:19 p.m., 1 views

CVE-2023-44216

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...

CVSS 5.3 | AI score 5.8 | EPSS 0.01809
Exploits: 1 | References: 10