CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

[SECURITY] Fedora 34 Update: openvpn-2.5.6-1.fc34

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

The vulnerability of the VP9 video compression extension lies in improper code generation, which allows an attacker to execute arbitrary code.

The vulnerability of the VP9 video compression extension lies in improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...

Updated stunnel packages fix security vulnerability

Update to 5.62 including new features and bugfixes: Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests bsc1182529. - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service bsc1181400. New features - Added new...

The vulnerability of the VP9 video compression extension lies in improper code generation, which allows an attacker to execute arbitrary code.

The vulnerability of the VP9 video compression extension lies in improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...

The vulnerability of the LZ4 compression codec in the ClickHouse database management system allows a hacker to execute arbitrary code.

The vulnerability of the LZ4 compression codec used by the ClickHouse database management system in OLAP queries is related to the possibility of buffer overflows in the queue. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into remote targets WMI Class Property, create an event filter that when...

SUSE-RU-2022:0861-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: openssl-11: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - Fix PAC pointer authentication in ARM bsc1195856 - Pull libopenssl-11 when updating openssl-11 with the same version bsc1195792 - FIPS:...

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...

SUSE-SU-2022:0860-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. Non-security issues fixed: - Fix PAC pointer authentication in ARM. bsc1195856 - Pull libopenssl-11 when updating openssl-11 wit...

CVE-2021-42389

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVE-2021-43304

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...

CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...

CVE-2021-42389

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVE-2021-43304

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...

DEBIAN-CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...