SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2015:0003-1)

This libxml2 update fixes the following security and non-security issues : - Fix a denial of service via recursive entity expansion. CVE-2014-3660, bnc901546, bgo738805 - Fix a regression in xzlib compression support. bnc908376 Note that Tenable Network Security has extracted the preceding...

SUSE SLED11 / SLES11 Security Update : clamav (SUSE-SU-2014:0414-1)

The antivirus scanner ClamAV has been updated to version 0.98.1, which includes the following fixes : - Code quality fixes in libclamav, clamd, sigtool, clamav-milter, clamconf, and clamdtop. - Code quality fixes in libclamav, libclamunrar and freshclam. - bb 8385: a PDF ASCII85Decode zero-length...

ACE Files

ACE is a data compression format used for archiving, which consists of blocks of various types and sizes. An attacker may use the compressed ACE format in order to bypass inspection by network security devices, which will not be able to inspect the original content that is being transferred...

JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. Impact Decompressing a...

SAP encryption algorithm vulnerability can lead to remote code execution or denial of service-vulnerability warning-the black bar safety net

Now, there is a widely used Protocol appeared unexpected vulnerability, SAP encryption algorithm of the data compression software can lead to remote code execution vulnerability and denial of service vulnerabilities. These problems arise because the SAP encryption algorithm of coding uses a popul...

[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last update: 2015-05-12 Vendors contacted: SAP Release...

Remotely Exploitable Vulnerabilities in SAP Compression Algorithms

The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in...

SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory ID Internal CORE-2015-0009 1. Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last...

Debian DSA-3253-1 : pound - security update (POODLE)

Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer SSL protocol. For Debian 7 wheezy this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default CVE-2009-355...

Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID:...

Debian Security Advisory DSA 3253-1 (pound - security update)

Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer SSL protocol. For Debian 7 wheezy this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default CVE-2009-355...

DSA-3253-1 pound - security update

Bulletin has no description...

Grindr 2.1.1 Breach Attack

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID:...

Grindr v2.1.1 iOS & Account System - Breach Attack

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID: ==================================== 1420...

Grindr v2.1.1 iOS & Account System - Breach Attack

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 1420...

JVN#02527990: Lhaplus vulnerable to directory traversal

Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact Decompressing a file with a specially crafted file name may result in a creation of an arbitrary file or an overwrite of an...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2015:186)

A vulnerability has been discovered and corrected in phpmyadmin : libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with...

Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)

Updated cabextract packages fix security vulnerabilities : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

Optimize Web Pages Using "Data Saver Chrome Extension" to Save Bandwidth

Google want to save its users' bandwidth at home. The company has released a "Data Saver extension for Chrome," bringing its data compression feature for its desktop users for the first time. While tethering to a mobile Hotspot for Internet connection for your laptop, this new Data Saver extensio...

[SECURITY] Fedora 21 Update: nx-libs-3.5.0.29-1.fc21

NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent...