GHSA-4H8F-C635-25P7 ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

GHSA-FH7V-Q458-7VMW ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

PT-2024-40073 · Apache +1 · Apache +1

Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...

PT-2024-40372 · Varnish +1 · Varnish +1

Name of the Vulnerable Software and Affected Versions: ezplatform-http-cache affected versions not specified Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...

The vulnerability of the Linux operating system’s kernel compression component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel compression component is related to incorrect calculations. Exploiting this vulnerability can allow an attacker to cause a service failure...

1.2.0 module bug fix and enhancement update

An update is available for qatzip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list QATzip is a user space library which builds on top of the Intel QuickAssist...

24.02.0 module bug fix and enhancement update

An update is available for qatlib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Intel QuickAssist Technology Intel QAT provides hardware acceleration for...

podman security update

4.9.4-16.0.1 - Fixes issue of podman execvp error while using podmansh Orabug: 36073625 - Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655 - Add devices on container startup, not on creation - Backport fast gzip for compression Orabug: 36420418 - overlay: Put shou...

drm/amd/display: Skip Recompute DSC Params if no Stream on Link

...

go-toolset:ol8 security update

delve 1.22.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.22.1-1 - Rebase to 1.22.1 - Resolves: RHEL-54307 golang 1.22.7-1 - Update to Go 1.22.7 - Resolves: RHEL-58223 - Resolves: RHEL-57961 - Resolves: RHEL-57847 - Resolves: RHEL-57860 1.22.5-3 - Update fix that loads...

Python Execute Command

Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...

USN-7080-1 unbound vulnerability

Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses...

DEBIAN-CVE-2024-49900

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

SUSE CVE-2024-47732

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The freedevicecompressionmodeiaadevice, devicemode function frees "devicemode" but it iss passed to iaacompressionmodesi-free a few lines later resulting in a use after free. The goo...

DEBIAN-CVE-2024-47732

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The freedevicecompressionmodeiaadevice, devicemode function frees "devicemode" but it iss passed to iaacompressionmodesi-free a few lines later resulting in a use after free. The goo...

AZL-50867 CVE-2024-47683 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link why Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOP...