3663 matches found
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...
The vulnerability of the ZRAM module in Linux operating systems, Ubuntu, and OpenSUSE Leap allows a hacker to cause a system failure.
The vulnerability of the ZRAM module in Linux operating systems, such as Ubuntu and OpenSUSE Leap, involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow attackers to cause service failures...
Reproxy - Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTPS server / reverse proxy supporting various providers (docker, static, file). One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL...
VulnCheck KEV: CVE-2020-8260
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction...
GO-2020-0037 Uncontrolled resource consumption in github.com/tendermint/tendermint
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...
PT-2021-9103 · Go +5 · Github.Com/Tendermint/Tendermint +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the support of Gzip compression in request bodies and the lack of limiting response body sizes. This can allow a malicious serve...
How the NAME:WRECK Bugs Impact Consumers, Businesses
Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones, aircraft navigation systems and industrial internet of things (IIoT) endpoints are vulnerable to either a denial-of-service (DoS) or remote...
The vulnerability of the implementation of the file compression method using Zip scanning per scanline (ImfScanLineInputFile.cpp) in the OpenEXR library allows a hacker to cause a service failure.
The vulnerability of the Zip file compression method implemented using the scanline parameter (ImfScanLineInputFile.cpp) in the OpenEXR library is related to an uncontrolled resource consumption when processing the todata-linesInBuffer parameter. Exploiting this vulnerability could allow an attacke...
The vulnerability of the B44 data compression function (OpenEXR/IlmImf/ImfB44Compressor.cpp) in the OpenEXR library allows a hacker to trigger a service failure.
The vulnerability of the B44 data compression function (OpenEXR/IlmImf/ImfB44Compressor.cpp) in the OpenEXR library is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failures by creating specially crafted EXR files...
CVE-2021-24220
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
Design/Logic Flaw
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
ALBA-2021:1092 zlib bug fix and enhancement update
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Bug Fixes and Enhancements: AlmaLinux8.1 - zlib: DFLTCC compression level switching issues BZ1926104 AlmaLinux8.2 - zlib: inflateSyncPoint returns an incorrect result on z15...
zlib bug fix and enhancement update
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Bug Fixes and Enhancements: AlmaLinux8.1 - zlib: DFLTCC compression level switching issues BZ1926104 AlmaLinux8.2 - zlib: inflateSyncPoint returns an incorrect result on z15...
Who has the fastest F1 website in 2021? Part 5
This is part 5 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...
[SECURITY] Fedora 34 Update: jasper-2.0.27-1.fc34
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...
Fedora: Security Advisory for jasper (FEDORA-2021-2213a29364)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Who has the fastest F1 website in 2021? Part 2
Ohhh, you've come back for more? Excellent. I was worried it was just going to be me sat here, typing to myself. This is part 2 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10...
[SECURITY] Fedora 32 Update: jasper-2.0.26-2.fc32
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...
Fedora: Security Advisory for jasper (FEDORA-2021-26cb56b3cb)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: jasper-2.0.26-2.fc33
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...