3663 matches found
All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
Thrive “Legacy” themes register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote...
A vulnerability in the HPACK decoder of the HAProxy server software allows data to be read beyond the buffer bounds, enabling attackers to cause service failures.
The vulnerability in the HPACK decoder of the HAProxy server software is caused by reading data beyond the buffer bounds. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Fedora: Security Advisory for upx (FEDORA-2021-acfb7be76e)
The remote host is missing an update for the... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 34 Update: jasper-2.0.26-2.fc34
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...
[SECURITY] Fedora 34 Update: upx-3.96-8.fc34
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 32 Update: upx-3.96-8.fc32
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
The vulnerability of the flb_gzip_compress() function implementation in the Fluent Bit data collector allows a hacker to trigger a service failure.
The vulnerability of the flb_gzip_compress() function implementation in the Fluent Bit data collector is related to writing data beyond the bounds of a buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Fedora 33 : mingw-gdk-pixbuf (2021-755ba8968a)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-755ba8968a advisory. - GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals...
Denial Of Service (DoS)
libjpeg-turbo is vulnerable to denial of service (DoS). A divide by zero occurs when attempting to compress a malformed GIF image, which would lead to an application crash...
USN-4760-1: libzstd vulnerabilities
It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations...
CVE-2021-24032
A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input, potentially leading to security issues, especially if large files are being handled...
Fedora: Security Advisory for mingw-wavpack (FEDORA-2021-b7826fcedf)
The remote host is missing an update for the...
[SECURITY] Fedora 32 Update: mingw-wavpack-5.4.0-1.fc32
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
[SECURITY] Fedora 33 Update: mingw-wavpack-5.4.0-1.fc33
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
Debian DLA-2573-1 : libzstd security update
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions. For Debian 9 stretch, this problem has been fixed in version...
[SECURITY] [DLA 2573-1] libzstd security update
Debian LTS Advisory DLA-2573-1, [email protected], https://www.debian.org/lts/security/, Utkarsh Gupta, February 20, 2021, https://wiki.debian.org/LTS ...
[SECURITY] [DSA 4859-1] libzstd security update
Debian Security Advisory DSA-4859-1, [email protected], https://www.debian.org/security/, Sebastien Delafond, February 20, 2021, https://www.debian.org/security/faq ...
Important: unzip
Issue Overview: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. (CVE-2015-7697) Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a...
Fedora: Security Advisory for jasper (FEDORA-2021-7716e59d84)
The remote host is missing an update for the...