42 matches found
Obfuscation: There Are Two Sides To Everything
How to detect and prevent attackers from using these various techniques. Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud files Zip 1.2.0 and later, which originates from an attacker being able to download view-only files by...
EulerOS 2.0 SP9 : rsync (EulerOS-SA-2023-1135)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032) Note that...
RHEL 9 : mingw-zlib (RHSA-2022:8420)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8420 advisory. The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw...
CVE-2022-23002
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an...
EulerOS Virtualization 2.10.0 : zlib (EulerOS-SA-2022-2105)
According to the versions of the zlib packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...
rsync security update
3.1.3-14.2 - Related: 2074783 - Needed to bump this to rebuild correctly; 3.1.3-14.1 - Resolves: 2074783 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs...
GHSA-6FXM-66HQ-FC96 Uncontrolled Resource Consumption in Apache Commons Compress
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs...
RHEL 8 : rsync (RHSA-2022:2197)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2197 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...
CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...
SAP SAPCAR suffers from an input validation error vulnerability
SAP SAPCAR is a utility program from SAP Germany for compressing and/or decompressing SAP archive files. An input validation error vulnerability exists in SAP SAPCAR that stems from a failure to perform sufficient input validation. An attacker could exploit the vulnerability to gain privileged...
Mastodon Security Vulnerability
Mastodon is an open source social network server based on ActivityPub. Mastodon suffers from a security vulnerability that stems from incorrect access control, as it does not compress incoming signed JSON-LD activities...
Imagegear has a denial of service vulnerability
ImageGear is a graphic image processing software with scanning, compression, viewing, printing, adding annotations, image editing and other features that enable developers to quickly develop image processing programs. Imagegear suffers from a denial of service vulnerability that can be exploited ...
Imagegear suffers from a denial of service vulnerability (CNVD-2021-50962)
ImageGear is a graphic image processing software with scanning, compression, viewing, printing, adding annotations, image editing and other features that enable developers to quickly develop image processing programs. Imagegear suffers from a denial of service vulnerability that can be exploited ...
Imagegear suffers from a denial of service vulnerability (CNVD-2021-50961)
ImageGear is a graphic image processing software with scanning, compression, viewing, printing, adding annotations, image editing and other features that enable developers to quickly develop image processing programs. Imagegear suffers from a denial of service vulnerability that can be exploited ...
CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring...
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities
Title: Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities. Date: 2013-07-13. References: http://www.vulnerability-lab.com/getcontent.php?id=1009. VL-ID: 1009. Common Vulnerability Scoring System:...
[SECURITY] Fedora 17 Update: pigz-2.2.5-1.fc17
pigz, which stands for parallel implementation of gzip, is a fully functional replacement for gzip that exploits multiple processors and multiple cores to the hilt when compressing data...