5 matches found
GHSA-3677-XXCR-WJQV jose4j is vulnerable to DoS via compressed JWE content
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
Debian dla-4054 : tryton-client - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4054 advisory. Debian LTS Advisory DLA-4054-1 [email protected] https://www.debian.org/lts/security/...
CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api
A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...
Microsoft Windows VML parsing buffer overflow
Heap buffer overflow on compressed VML content...
EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability
VGX.DLL Compressed Content Heap Overflow Vulnerability Release Date: August 14, 2007 Date Reported: October 24, 2006 Severity: High Code Execution Systems Affected: Internet Explorer 6 SP1 - Windows 2000 SP4 Internet Explorer 6 SP1 - Windows XP SP1 Internet Explorer 6 SP2 - Windows XP SP2 Interne...