3663 matches found

Amazon
added 2023/09/07 12:0 a.m. | 4 views

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723). Affected Packages: amazon-ecr-credential-helper. Issue Correction: Run dnf update amazon-ecr-credential-helper --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-337 --releasever 2023.1.202309...

CVSS 7.5 | AI score 6.7 | EPSS 0.04561
Exploits: 0

OSV
added 2023/09/04 12:15 p.m. | 2 views

CVE-2023-40196

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits: 0 | References: 1

NVD
added 2023/09/04 12:15 p.m. | 13 views

CVE-2023-40196

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions...

CVSS 7.1 | AI score 6.2 | EPSS 0.00331
Exploits: 0 | References: 1

Cvelist
added 2023/09/04 11:15 a.m. | 16 views

CVE-2023-40196 WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions...

CVSS 7.1 | AI score 6.3 | EPSS 0.00331
Exploits: 0 | References: 1

CVE
added 2023/09/04 11:15 a.m. | 41 views

CVE-2023-40196

CVE-2023-40196 describes an unauthenticated Reflected Cross-Site Scripting (XSS) in the WordPress plugin ImageRecycle pdf & image compression (versions

CVSS 7.1 | AI score 6 | EPSS 0.00331
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/09/04 11:15 a.m. | 3 views

CVE-2023-30494

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin = 3.1.10 versions...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits: 0 | References: 1

CNNVD
added 2023/09/04 12:0 a.m. | 3 views

WordPress plugin ImageRecycle pdf & image compression cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 7.1 | AI score 5.9 | EPSS 0.00331
Exploits: 0 | References: 2

GithubExploit
added 2023/08/30 3:49 p.m. | 288 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 In this case, I am sharing with you the necessary files...

CVSS 7.8 | AI score 6.9 | EPSS 0.97798
Exploits: 49

OSV
added 2023/08/23 2:38 p.m. | 19 views

GO-2023-1664 Denial of service via deflate compression bomb in github.com/crewjam/saml

Denial of service via deflate compression bomb in github.com/crewjam/saml...

CVSS 7.5 | AI score 6 | EPSS 0.00957
Exploits: 0 | References: 2

UbuntuCve
added 2023/08/22 7:16 p.m. | 369 views

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a...

CVSS 5.5 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 3

OSV
added 2023/08/22 7:16 p.m. | 1 views

UBUNTU-CVE-2020-22916

DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is ofte...

CVSS 5.5 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 4

The Hacker News
added 2023/08/19 6:28 a.m. | 50 views

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

Threat actors are using Android Package APK files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on t...

AI score 6.6
Exploits: 0

Patchstack
added 2023/08/11 12:0 a.m. | 19 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS)

Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.11; Fixed in: 3.1.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40196; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 3a5e55d72b53...

CVSS 7.1 | AI score 5.6 | EPSS 0.00331
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/08/09 1:15 p.m. | 3 views

AZL-39394 CVE-2023-33953 affecting package python-tensorboard for versions less than 2.11.0-2

gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00412
Exploits: 0 | References: 1

OSV
added 2023/08/09 1:15 p.m. | 1 views

DEBIAN-CVE-2023-33953

gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

CVSS 7.5 | AI score 7.8 | EPSS 0.00412
Exploits: 0 | References: 1

Patchstack
added 2023/07/19 12:0 a.m. | 6 views

WordPress WordPress Image Compression and Optimizer Plugin – CheetahO Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress Image Compression and Optimizer Plugin – CheetahO; Type: Plugin; Vulnerable versions: <= 1.4.3; Fixed in: 1.4.3.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID...

AI score 6 | EPSS 0.00284
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2023/07/18 8:33 a.m. | 3 views

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

CVSS 6.5 | AI score 6.8 | EPSS 0.01703
Exploits: 1 | References: 5

BDU FSTEC
added 2023/07/18 12:0 a.m. | 4 views

The vulnerability of the VP9 video compression extension lies in its insufficient protection of service data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the VP9 video compression extension lies in the insufficient protection of service data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information by downloading a specially created malicious file...

CVSS 5.5 | AI score 6.6 | EPSS 0.00735
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/07/05 7:12 p.m. | 1 views

GHSA-CFGP-2977-2FMM Connection confusion in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

CVSS 7.4 | AI score 6.8 | EPSS 0.00502
Exploits: 0 | References: 9

OpenVAS
added 2023/07/04 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2262)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.1 | AI score 8.1 | EPSS 0.01703
Exploits: 2 | References: 2