PDF Light Viewer < 1.4.12 - Authenticated Command Injection

The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. PoC 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...

PDF Light Viewer < 1.4.12 - Authenticated Command Injection

The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...

CVE-2021-23044

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology QAT compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition VE platforms, undisclose...

CVE-2021-23044

CVE-2021-23044 affects BIG-IP platforms when the Intel QuickAssist Technology (QAT) compression driver is used. The vulnerability can cause the Traffic Management Microkernel (TMM) to terminate, potentially disrupting traffic and causing DoS. Affected branches include BIG-IP 16.x prior to 16.1.0,...

Fedora: Security Advisory for ntfs-3g-system-compression (FEDORA-2021-38d1b07839)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for ntfs-3g-system-compression (FEDORA-2021-4dd269a76c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: ntfs-3g-system-compression-1.0-7.fc35

System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...

[SECURITY] Fedora 33 Update: ntfs-3g-system-compression-1.0-7.fc33

System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...

Fedora: Security Advisory for ntfs-3g-system-compression (FEDORA-2021-c0235d9d79)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 34 Update: ntfs-3g-system-compression-1.0-7.fc34

System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...

Security update for dovecot23 (moderate)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:1225-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...

SUSE-SU-2021:2892-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...

Security update for dovecot23 (moderate)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:2892-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...

F5 BIG-IP compression driver denial of service vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP compression driver denial of service vulnerability, on platforms using Intel QuickAssist Technology QAT compression...

GHSA-369H-PJR2-6WRH Uncontrolled recursion in trust-dns-proto

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet. Affected versions of this crate did not properly handle parsing of DNS message compression RFC1035 section 4.1.4. The parser could be tricked into infinite loop when a compression offset pointed back to th...

Uncontrolled recursion in trust-dns-proto

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet. Affected versions of this crate did not properly handle parsing of DNS message compression RFC1035 section 4.1.4. The parser could be tricked into infinite loop when a compression offset pointed back to th...

DNSMonster - Passive DNS Capture/Monitoring Framework

Passive DNS collection and monitoring built with Golang, Clickhouse and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket, and can be used to index and store thousands of DNS queries per second it has shown...

F5 BIG-IP 输入验证错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP compression driver denial of service vulnerability, on platforms using Intel QuickAssist Technology QAT compression...

CVE-2020-25767

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...

CVE-2020-25767

CVE-2020-25767 affects HCC Embedded InterNiche/NicheStack (IPv4) prior to 4.3. The root cause is in the dnc_copy_in DNS domain name parser, which fails to validate that compression pointers stay within packet bounds, enabling an out-of-bounds read and potential DoS via crafted DNS data. Affected ...