
7 matches found

Hacker One
added 2026/03/27 6:1 p.m., 5 views

curl: Unbounded GZIP Decompression Leading to Event-Loop Starvation

When libcurl is configured to decompress HTTP responses via CURLOPT_ACCEPT_ENCODING or the --compressed CLI flag, it lacks decompression bounds checking or a mechanism to yield execution during massive expansion tasks. If an attacker provides a highly compressed payload (zip bomb), libcurl's underlyi...

AI score: 6.3
Exploits: 0
OSV
added 2022/03/18 12:9 a.m., 11 views

GSD-2022-1000690 btrfs: fallback to blocking mode when doing async dio over multiple extents

btrfs: fallback to blocking mode when doing async dio over multiple extents. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.13 by commit...

AI score: 7.2
Exploits: 0
Wallarm Lab
added 2021/12/10 8:56 p.m., 137 views

Log4j 0day mitigation update CVE-2021-44228

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers. Attempts at exploitation will be automatically blocked in a blocking mode. When working in a monitoring mode, consider creating a virtual patch. Log4Shell: A 0-day exploit i...

CVSS: 9.3, AI score: 1.9, EPSS: 0.94358
Exploits: 342
Wallarm Lab
added 2020/05/12 5:3 p.m., 28 views

Testing ModSecurity for false positives by books texts

The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second one is their inline performance and additional latency, but still. As a cloud-native WAF vendor, we at Wallarm are actively checking our products for false...

AI score: 2.9
Exploits: 0
BDU FSTEC
added 2018/12/13 12:0 a.m., 2 views

The vulnerability of Cisco AMP’s security tools for end devices allows attackers to trigger a service failure.

The vulnerability of Cisco AMP’s anti-virus and anti-malware tools for end devices is related to resource management errors. Exploiting this vulnerability allows a malicious actor to trigger a service failure (a critical kernel error) remotely, provided that the system is operating in a network...

CVSS: 7.1, AI score: 6.2, EPSS: 0.00784
Exploits: 0, References: 3
Metasploit
added 2014/11/12 4:38 p.m., 51 views

Windows Outbound-Filtering Rules

This module makes some kind of TCP traceroute to get outbound-filtering rules. It will try to make a TCP connection to a certain public IP address (this IP does not need to be under your control) using different TTL incremental values. This way if you get an answer (ICMP TTL time exceeded packet) fro...

AI score: 6.8
Exploits: 0
Tenable Nessus
added 2013/05/15 12:0 a.m., 23 views

Fedora 18 : curl-7.27.0-10.fc18 (2013-7813)

switch SSL socket into non-blocking mode after handshake (960765); prevent an artificial timeout event due to stale speed-check data (906031); show proper host name on failed resolve (957173); fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944). Note that Tenable Network Security has...

CVSS: 5, AI score: 8, EPSS: 0.02482
Exploits: 1, References: 3