3661 matches found
Wireshark SIGCOMP Protocol Parser Buffer Overflow Vulnerability
Wireshark, formerly known as Ethereal, is a set of network packet analysis software developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. SIGCOMP protocol dissector is one of the SIGCOMP signaling compression protocol...
UBUNTU-CVE-2018-7320
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets...
DEBIAN-CVE-2018-7320
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets...
[SECURITY] Fedora 27 Update: zziplib-0.13.68-1.fc27
The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the free subset of compression with the zlib...
[SECURITY] Fedora 26 Update: p7zip-16.02-10.fc26
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio. The original version can be found at http://www.7-zip.org/...
[SECURITY] Fedora 27 Update: p7zip-16.02-10.fc27
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio. The original version can be found at http://www.7-zip.org/...
Detecting Drone Surveillance with Traffic Analysis
This is clever: Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They fir...
Fedora 27 : openvpn (2017-5882331351)
Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option (CVE-2017-12166). From this update on, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...
The vulnerability of the zi_short function in the Info-ZIP Unzip file archiver’s zipinfo.c file allows a hacker to trigger a service failure.
The vulnerability of the zi_short function in the Info-ZIP Unzip file archiver exists because the result of the operation is stored outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures through vectors related to the compression method...
The vulnerability of the list_files function in the Info-ZIP Unzip file archiver allows a hacker to trigger a service failure.
The vulnerability of the list_files function in the Info-ZIP Unzip file archiver arises from operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to cause service failures through mechanisms related to compression methods...
[ASA-201801-5] mongodb: arbitrary code execution
Arch Linux Security Advisory ASA-201801-5 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-15535 Package : mongodb Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-503 Summary ======= The package mongodb before...
RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack...
Updated openssh packages fix security vulnerability
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
MGASA-2018-0006 Updated openssh packages fix security vulnerability
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
Invoke-PSImage - Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute. Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file or from the web when the -Web flag is...
[SECURITY] Fedora 26 Update: optipng-0.7.6-6.fc26
OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...
[SECURITY] Fedora 26 Update: borgbackup-1.1.3-1.fc26
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...
[SECURITY] Fedora 27 Update: borgbackup-1.1.3-1.fc27
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...
DEBIAN-CVE-2016-1253
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file...
Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
This blog post was authored by Marcin Noga of Cisco Talos. Introduction: In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of...