3661 matches found
CVE-2017-15535
CVE-2017-15535 affects MongoDB 3.4.x before 3.4.10 and 3.5.x-development in the wire protocol compression feature (networkMessageCompressors), which is disabled by default but if enabled can allow a remote attacker to cause a denial of service or modify memory. Public advisories and updates exist...
Debian: Security Advisory (DSA-4013-1)
The remote host is missing an update for the Debian...
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability (CVE-2016-2334)
DESCRIPTION: An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. TESTED VERSIONS: 7-Zip 32 15.05 beta, 7-Zip 64 9.20. PRODUCT URLS: http://www.7-zip.org/ CVSSv3 SCORE: 7.3 -...
[SECURITY] Fedora 25 Update: upx-3.94-1.fc25
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
Apple Image I/O EXR Compression Remote Code Execution Vulnerability (CVE-2016-4630)
SUMMARY: An exploitable heap-based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...
[SECURITY] Fedora 27 Update: upx-3.94-1.fc27
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
WordPress Smush Image Compression and Optimization plugin <=2.7.5 - File Traversal vulnerability
File Traversal vulnerability found by Ricardo Sánchez in WordPress Smush Image Compression and Optimization plugin versions <=2.7.5. Solution: Update the WordPress Smush Image Compression and Optimization plugin to the latest available version (at least 2.7.6)...
[SECURITY] Fedora 25 Update: libmspack-0.6-0.1.alpha.fc25
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...
Directory traversal
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal...
CVE-2017-15079
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal...
CVE-2017-15079
CVE-2017-15079 concerns the WordPress plugin Smush Image Compression and Optimization (pre-2.7.6). According to sources, this plugin version is vulnerable to a directory traversal flaw that permits an unauthenticated, remote attacker to reveal underlying directory structures. The vulnerability is...
[SECURITY] Fedora 27 Update: openvpn-2.4.4-1.fc27
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...
Amazon Linux AMI : openssh (ALAS-2017-898)
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) It was found that OpenSSH did not limit...
Fedora 26 : openvpn (2017-700915e34f)
Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option (CVE-2017-12166). From this update on, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...
Medium: openssh
Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) It was found that OpenSSH...
[SECURITY] Fedora 27 Update: libmspack-0.6-0.1.alpha.fc27
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...
[SECURITY] Fedora 27 Update: jasper-2.0.14-1.fc27
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...
Security fix for the ALT Linux 8 package clamav version 0.99.2-alt3
Sept. 25, 2017, Anton V. Boyarshinov, 0.99.2-alt3. Fixes: CVE-2017-6418: remote attackers can cause a denial of service (out-of-bounds read) via a crafted e-mail message; CVE-2017-6420: remote attackers can cause a denial of service (use-after-free) via a crafted PE file with WWPack compression...
Security fix for the ALT Linux 10 package clamav version 0.99.2-alt3
Sept. 25, 2017, Anton V. Boyarshinov, 0.99.2-alt3. Fixes: CVE-2017-6418: remote attackers can cause a denial of service (out-of-bounds read) via a crafted e-mail message; CVE-2017-6420: remote attackers can cause a denial of service (use-after-free) via a crafted PE file with WWPack compression...