
3663 matches found

OSV
added 2023/01/17 12:0 a.m., 0 views

UBUNTU-CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8, AI score 6.9, EPSS 0.01199
Exploits: 0, References: 4
FreeBSD
added 2023/01/17 12:0 a.m., 30 views

libXpm -- Issues handling XPM files

The X.Org project reports: CVE-2022-46285: Infinite loop on unclosed comments. When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed, i.e. a C-style comment starts with "/*" and is missing the closing "*/", the ParseComment function will loop forever...

CVSS 8.8, AI score 8.2, EPSS 0.01284
Exploits: 2, References: 1
Kitploit
added 2023/01/13 11:30 a.m., 270 views

Bkcrack - Crack Legacy Zip Encryption With Biham And Kocher's Known Plaintext Attack

Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Overview: A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred ...

AI score 6.9
Exploits: 0, References: 2
Huntr
added 2023/01/12 6:34 p.m., 13 views

Path Traversal - Archiving Files to Zip

Description: The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...

AI score 7.2
Exploits: 0, References: 1
Rockylinux
added 2023/01/12 8:25 a.m., 13 views

zlib bug fix and enhancement update

An update is available for zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zlib packages provide a general-purpose lossless data compression library th...

AI score 1.7
Exploits: 0
Hacker One
added 2023/01/08 12:34 p.m., 87 views

curl: CVE-2023-23916: HTTP multi-header compression denial of service

An HTTP multi-header compression denial of service vulnerability was discovered that allowed an attacker to send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers, consuming all available memory and causing a denial of service. The vulnerability was patch...

CVSS 6.5, AI score 6.6, EPSS 0.01703
Exploits: 1
OSV
added 2022/12/28 12:30 a.m., 20 views

GHSA-3FM3-M23V-5R46 Tendermint Client package vulnerable to Uncontrolled Resource Consumption

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...

CVSS 7.5, AI score 7.2, EPSS 0.01134
Exploits: 0, References: 5
OpenVAS
added 2022/12/28 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2872)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 7.5, EPSS 0.3197
Exploits: 6, References: 2
OpenVAS
added 2022/12/28 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2890)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 7.5, EPSS 0.3197
Exploits: 6, References: 2
NVD
added 2022/12/27 10:15 p.m., 21 views

CVE-2019-25072

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...

CVSS 7.5, EPSS 0.01134
Exploits: 0, References: 3
Vulnrichment
added 2022/12/27 9:13 p.m., 5 views

CVE-2019-25072 Uncontrolled resource consumption in github.com/tendermint/tendermint

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...

AI score 7.3, EPSS 0.01134
Exploits: 0, References: 3
Cvelist
added 2022/12/27 9:13 p.m., 24 views

CVE-2019-25072 Uncontrolled resource consumption in github.com/tendermint/tendermint

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...

AI score 7.3, EPSS 0.01134
Exploits: 0, References: 3
CVE
added 2022/12/27 9:13 p.m., 105 views

CVE-2019-25072

CVE-2019-25072 describes an uncontrolled resource consumption vulnerability in Tendermint/tendermint due to support of gzip compression in request bodies and no limit on response body sizes. A malicious server can cause a target client to exhaust CPU/memory, enabling a denial-of-service vector. T...

CVSS 7.5, AI score 7.2, EPSS 0.01134
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2022/12/27 9:13 p.m., 23 views

CVE-2019-25072

Removed by vendor...

CVSS 7.5, AI score 7.5, EPSS 0.01134
Exploits: 0
Tenable Nessus
added 2022/12/27 12:0 a.m., 40 views

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2022-2890)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate...

CVSS 9.8, AI score 6.6, EPSS 0.3197
Exploits: 6, References: 7
OSV
added 2022/12/19 8:18 p.m., 2 views

CLSA-2022-1671481111 openssh: Fix of 2 CVEs

CVE-2019-6109: verify character encoding in progress display to avoid spoofing of scp client output - CVE-2016-10012: updated to fix server-side protocol errors observed during rekeying with compression enabled...

CVSS 7.8, AI score 6.9, EPSS 0.03807
Exploits: 1, References: 1
Fedora
added 2022/12/09 1:32 a.m., 22 views

[SECURITY] Fedora 37 Update: sfnt2woff-zopfli-1.3.1-3.fc37

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of, on average, 5-8% compared to regular WOFF files. Zopfli generates compressed output that is...

AI score 7.2
Exploits: 0
Fedora
added 2022/12/09 12:51 a.m., 10 views

[SECURITY] Fedora 36 Update: sfnt2woff-zopfli-1.3.1-3.fc36

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of, on average, 5-8% compared to regular WOFF files. Zopfli generates compressed output that is...

AI score 7.2
Exploits: 0
Fedora
added 2022/12/09 12:49 a.m., 21 views

[SECURITY] Fedora 35 Update: sfnt2woff-zopfli-1.3.1-3.fc35

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of, on average, 5-8% compared to regular WOFF files. Zopfli generates compressed output that is...

AI score 7.2
Exploits: 0
OpenVAS
added 2022/12/09 12:0 a.m., 8 views

Fedora: Security Advisory for sfnt2woff-zopfli (FEDORA-2022-f0980dffd1)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0, References: 2