Lucene search

3669 matches found

CNNVD
added 2021/04/27 12:0 a.m. · 2 views

NLnet Labs Unbound Buffer Error Vulnerability

Unbound is a DNS resolver that supports validation, recursion, and caching features. An out-of-bounds write vulnerability exists in rdata_copy in versions of Unbound prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an out-of-bounds write...

CVSS 9.8 · AI score 8.4 · EPSS 0.02037
Exploits: 0 · References: 17
CNNVD
added 2021/04/27 12:0 a.m. · 2 views

NLnet Labs Unbound Security Vulnerability

Unbound is a DNS resolver that supports validation, recursion, and caching features. An assertion failure vulnerability exists in dname_pkt_copy in versions of Unbound prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an assertion failure...

CVSS 7.5 · AI score 5.6 · EPSS 0.02128
Exploits: 0 · References: 17
CNNVD
added 2021/04/27 12:0 a.m. · 2 views

Unbound Security Vulnerability

Unbound is a DNS resolver that supports validation, recursion, and caching features. An infinite loop vulnerability exists in dname_pkt_copy in Unbound versions prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an infinite loop...

CVSS 7.5 · AI score 5.6 · EPSS 0.01989
Exploits: 0 · References: 17
Fedora
added 2021/04/26 12:27 a.m. · 55 views

[SECURITY] Fedora 34 Update: openvpn-2.5.2-1.fc34

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

CVSS 7.5 · AI score 1.5 · EPSS 0.05107
Exploits: 0
Apple
added 2021/04/26 12:0 a.m. · 81 views

About the security content of watchOS 7.4

This document describes the security content of watchOS 7.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 9.8 · AI score 9.7 · EPSS 0.04258
Exploits: 0 · References: 1 · Affected Software: 1
Apple
added 2021/04/26 12:0 a.m. · 285 views

About the security content of iOS 14.5 and iPadOS 14.5

This document describes the security content of iOS 14.5 and iPadOS 14.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVSS 9.8 · AI score 9.8 · EPSS 0.04258
Exploits: 0 · References: 1 · Affected Software: 2
RedHat Linux
added 2021/04/21 1:15 p.m. · 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

CVSS 7.5 · AI score 7.3 · EPSS 0.09438
Exploits: 0 · References: 4
BDU FSTEC
added 2021/04/21 12:0 a.m. · 3 views

The vulnerability of the ZRAM module in Linux operating systems, Ubuntu, and OpenSUSE Leap allows a hacker to cause a system failure.

The vulnerability of the ZRAM module in Linux operating systems, such as Ubuntu and OpenSUSE Leap, involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 5.5 · AI score 6.6 · EPSS 0.00311
Exploits: 0 · References: 22 · Affected Software: 3
Kitploit
added 2021/04/20 12:30 p.m. · 42 views

Reproxy - Simple Edge Server / Reverse Proxy

Reproxy is a simple edge HTTPs server / reverse proxy supporting various providers (docker, static, file). One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL...

AI score 6.8
Exploits: 0 · References: 6
VulnCheck KEV
added 2021/04/20 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2020-8260

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction...

CVSS 7.2 · AI score 7.4 · EPSS 0.9648
Exploits: 4 · References: 1
OSV
added 2021/04/14 8:4 p.m. · 28 views

GO-2020-0037 Uncontrolled resource consumption in github.com/tendermint/tendermint

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...

CVSS 7.5 · AI score 7.2 · EPSS 0.01134
Exploits: 0 · References: 2
Positive Technologies
added 2021/04/14 12:0 a.m. · 2 views

PT-2021-9103 · Go +5 · Github.Com/Tendermint/Tendermint +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the support of Gzip compression in request bodies and the lack of limiting response body sizes. This can allow a malicious serve...

CVSS 7.5 · AI score 7 · EPSS 0.01134
Exploits: 0 · References: 15
ThreatPost
added 2021/04/13 9:3 p.m. · 309 views

How the NAME:WRECK Bugs Impact Consumers, Businesses

Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones, aircraft navigation systems and industrial internet of things (IIoT) endpoints are vulnerable to either a denial-of-service (DoS) or remote...

CVSS 7.5 · AI score 0.4 · EPSS 0.07194
Exploits: 2 · References: 7
BDU FSTEC
added 2021/04/13 12:0 a.m. · 5 views

The vulnerability of the B44 data compression function (OpenEXR/IlmImf/ImfB44Compressor.cpp) in the OpenEXR library allows a hacker to trigger a service failure.

The vulnerability of the B44 data compression function (OpenEXR/IlmImf/ImfB44Compressor.cpp) in the OpenEXR library is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failures by creating specially crafted EXR files...

CVSS 5.3 · AI score 6.8 · EPSS 0.01848
Exploits: 0 · References: 15 · Affected Software: 8
BDU FSTEC
added 2021/04/13 12:0 a.m. · 4 views

The vulnerability of the implementation of the file compression method using Zip scanning per scanline (ImfScanLineInputFile.cpp) in the OpenEXR library allows a hacker to cause a service failure.

The vulnerability of the Zip file compression method implemented using the scanline parameter (ImfScanLineInputFile.cpp) in the OpenEXR library is related to an uncontrolled resource consumption when processing the todata-linesInBuffer parameter. Exploiting this vulnerability could allow an attacke...

CVSS 5.5 · AI score 6.7 · EPSS 0.0096
Exploits: 0 · References: 15 · Affected Software: 8
OSV
added 2021/04/12 2:15 p.m. · 3 views

CVE-2021-24220

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

CVSS 9.1 · AI score 5.7 · EPSS 0.03946
Exploits: 2 · References: 2
Prion
added 2021/04/12 2:15 p.m. · 23 views

Design/Logic Flaw

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

CVSS 6.4 · AI score 9.1 · EPSS 0.03946
Exploits: 2 · References: 2 · Affected Software: 10
AlmaLinux
added 2021/04/06 1:33 p.m. · 15 views

zlib bug fix and enhancement update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Bug Fixes and Enhancements: AlmaLinux8.1 - zlib: DFLTCC compression level switching issues BZ1926104 AlmaLinux8.2 - zlib: inflateSyncPoint returns an incorrect result on z15...

AI score 2.2
Exploits: 0
OSV
added 2021/04/06 1:33 p.m. · 8 views

ALBA-2021:1092 zlib bug fix and enhancement update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Bug Fixes and Enhancements: AlmaLinux8.1 - zlib: DFLTCC compression level switching issues BZ1926104 AlmaLinux8.2 - zlib: inflateSyncPoint returns an incorrect result on z15...

AI score 7.2
Exploits: 0
Jake Archibald's Blog
added 2021/03/31 1:0 a.m. · 257 views

Who has the fastest F1 website in 2021? Part 5

This is part 5 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

AI score 6.9
Exploits: 0