3260 matches found

ATTACKERKB
added 2021/05/04 12:0 a.m., 3 views

CVE-2020-4993

IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905...

CVSS 4.9, AI score 5.1, EPSS 0.01258
Exploits 0, References 3, Affected Software 1

CNNVD
added 2021/05/03 12:0 a.m., 5 views

Qualcomm component buffer error vulnerability

The Qualcomm Component is a component from Qualcomm Incorporated (USA), an intrinsic part that provides the functionality of Qualcomm devices. A security vulnerability exists in the Qualcomm Component that stems from a buffer over-read when decompressing RTCP packets, where we may read additional byt...

CVSS 9.4, AI score 8.5, EPSS 0.00913
Exploits 0, References 5

Tenable Nessus
added 2021/04/30 12:0 a.m., 51 views

EulerOS 2.0 SP3 : wireshark (EulerOS-SA-2021-1859)

According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by...

CVSS 7.8, AI score 6.9, EPSS 0.05803
Exploits 8, References 14

OSV
added 2021/04/28 7:15 p.m., 25 views

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVSS 7.5, AI score 6.6
Exploits 0, References 2

Prion
added 2021/04/28 7:15 p.m., 23 views

Format string

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVSS 5, AI score 7.3, EPSS 0.04692
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/04/28 6:15 p.m., 35 views

CVE-2021-29482 denial of service in github.com/ulikunitz/xz

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVSS 7.5, AI score 7.8, EPSS 0.01438
Exploits 0, References 2

Debian CVE
added 2021/04/28 6:15 p.m., 38 views

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVSS 7.5, AI score 6.9, EPSS 0.01438
Exploits 0

CVE
added 2021/04/28 6:15 p.m., 378 views

CVE-2021-29482

CVE-2021-29482 affects the Go xz library (github.com/ulikunitz/xz) used to read xz containers. The issue is in readUvarint where crafted input can cause the loop to fail to terminate, potentially enabling a denial of service. The vulnerability has been fixed in release v0.5.8; a practical workaro...

CVSS 7.5, AI score 7.7, EPSS 0.01438
Exploits 0, References 2, Affected Software 1

OSV
added 2021/04/22 9:15 p.m., 3 views

CVE-2020-27009

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

CVSS 8.1, AI score 7.3, EPSS 0.07194
Exploits 0, References 2

NVD
added 2021/04/22 9:15 p.m., 20 views

CVE-2020-27009

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

CVSS 8.1, EPSS 0.07194
Exploits 0, References 2

OSV
added 2021/04/22 9:15 p.m., 3 views

CVE-2020-27738

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions, Nucleus ReadyStart V3 All versio...

CVSS 7.4, AI score 5.7, EPSS 0.03659
Exploits 0, References 3

RedHat Linux
added 2021/04/21 1:15 p.m., 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

CVSS 7.5, AI score 7.3, EPSS 0.09438
Exploits 0, References 4

Ubuntu
added 2021/04/20 5:8 p.m., 124 views

USN-4923-1: EDK II vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...

CVSS 7.8, AI score 6.8, EPSS 0.00399
Exploits 2

OSV
added 2021/04/20 5:8 p.m., 8 views

USN-4923-1 edk2 vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...

CVSS 7.8, AI score 6.7, EPSS 0.00399
Exploits 2, References 3

OpenVAS
added 2021/04/19 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2018:0464-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 6.9, EPSS 0.05032
Exploits 3, References 7

OpenVAS
added 2021/04/19 12:0 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2019:3092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 7.4, EPSS 0.04575
Exploits 2, References 13

BDU FSTEC
added 2021/04/13 12:0 a.m., 4 views

The vulnerability of the automatic email decompression mechanism of Apple Mail on Apple Mac OS operating systems allows a hacker to write arbitrary files.

The vulnerability of the Apple Mail client’s automatic decompression mechanism in Apple Mac OS operating systems is related to incorrect handling of logical operations. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the /Library/Mail directory and $TMPDIR...

CVSS 6.5, AI score 7, EPSS 0.01489
Exploits 0, References 4, Affected Software 1

CNNVD
added 2021/04/13 12:0 a.m., 6 views

Multiple Siemens products buffer error vulnerability

SIMOTICS CONNECT 400 is a connector and sensor box mounted on a low-voltage motor that provides analysis data for the MindSphere application SIDRIVE IQ Fleet. A denial of service vulnerability exists in the Siemens SIMOTICS CONNECT 400. The vulnerability is due to the DNS domain record...

CVSS 7.4, AI score 5.7, EPSS 0.03659
Exploits 0, References 7

Veracode
added 2021/04/09 5:6 a.m., 37 views

Denial Of Service (DoS)

github.com/containers/storage/commit is vulnerable to Denial of Service (DoS). The decompression functionality allows an attacker to crash the application by pulling in malicious tools that resemble podman or cri-o during container image pulls...

CVSS 6.5, AI score 6.5, EPSS 0.01587
Exploits 1, References 10, Affected Software 6

NVD
added 2021/04/08 6:15 p.m., 8 views

CVE-2020-14104

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50...

CVSS 8.1, EPSS 0.00665
Exploits 0, References 1