3661 matches found
PYSEC-2018-79
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable via Sendi...
PT-2018-9415 · Aaugustin +1 · Uwebsockets +1
Name of the Vulnerable Software and Affected Versions: aaugustin websockets versions 4.0 through 4.0. Description: The issue is related to improper handling of highly compressed data, which can result in Denial of Service by memory exhaustion. This can be exploited by sending a specially crafted...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Real-time Compression Appliance (CVE-2015-4000)
Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Real-time Compression Appliance. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Vulnerabilities in OpenSSL affect Real-time Compression (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)
Summary: OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Real-time Compression Appliance. Real-time Compression Appliance has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2015-0209. DESCRIPTION: OpenSSL could allow a remote...
Security Bulletin: Vulnerability in RC4 stream cipher affects Real-time Compression Appliance (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Real-time Compression Appliance. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...
Security Bulletin: IBM Real-time Compression Appliance is exposed to the following Bash vulnerabilities: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278
Summary: Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. IBM Real-time Compression Appliance is exposed to CVE-2014-6271, CVE-2014-7169,...
Security Bulletin: IBM Real-time Compression Appliance is exposed to the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298.
Summary: Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. IBM Real-time Compression Appliance is exposed to CVE-2014-0224, CVE-2014-0198, CVE-2010-5298. Vulnerability Details: CVE-ID: CVE-2014-0224. DESCRIPTION: OpenSSL is vulnerable...
Security Bulletin: IBM Tivoli Monitoring Agent Framework component. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843)
Summary: IBM Tivoli Monitoring uses the zlib compression library in both the General services library and the File Transfer component. This bulletin addresses several reported vulnerabilities in the zlib compression library. Vulnerability Details: CVEID: CVE-2016-9840. DESCRIPTION: zlib is vulnerable to a...
Mail.ru: Upload of a PNG bomb that starts a DDoS attack on the sticker bot.
ICQ sticker bot was vulnerable to DoS via PNG compression bomb attack...
[SECURITY] Fedora 28 Update: jasper-2.0.14-5.fc28
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15873)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the setcompression method in Quest DR Series disk backup software versions prior to 4.0.3.1. An attacker could exploit this vulnerability to execute commands...
Bitvise SSH Server < 7.41 Security Bypass Vulnerability
Bitvise SSH Server is prone to a security bypass vulnerability.
[SECURITY] Fedora 27 Update: jasper-2.0.14-5.fc27
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...
CVE-2016-10596
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker-controlled tarball if t...
CVE-2016-10544
uws is a WebSocket server library. When a 256 MB WebSocket message is sent to a uws server instance with permessage-deflate enabled, compression may shrink the 256 MB down to less than 16 MB of WebSocket payload, which passes the 16 MB payload length check. This data wil...
Design/Logic Flaw
uws is a WebSocket server library. When a 256 MB WebSocket message is sent to a uws server instance with permessage-deflate enabled, compression may shrink the 256 MB down to less than 16 MB of WebSocket payload, which passes the 16 MB payload length check. This data wil...
Libmobi Information Disclosure Vulnerability (CNVD-2018-10875)
Libmobi is a C library for processing Kindle MOBI format e-book documents. A security vulnerability exists in the 'bufferfill64' function of the compression.c file in Libmobi version 0.3. A remote attacker can exploit this vulnerability to disclose information heap-based buffer...
CVE-2018-11435
Libmobi 0.3 is affected by a vulnerability in the function mobi_decompress_huffman_internal in compression.c, which allows a remote attacker to cause information disclosure via a crafted MOBI file, manifesting as a read access violation. This is corroborated across multiple sources (NVD/NVD-based...