3665 matches found
Design/Logic Flaw
uws is a WebSocket server library. When a 256 MB WebSocket message is sent to a uws server instance with permessage-deflate enabled, compression may shrink that 256 MB down to less than 16 MB of WebSocket payload, which passes the 16 MB payload length check. This data wil...
CVE-2016-10544
uws is a WebSocket server library. When a 256 MB WebSocket message is sent to a uws server instance with permessage-deflate enabled, compression may shrink that 256 MB down to less than 16 MB of WebSocket payload, which passes the 16 MB payload length check. This data wil...
Libmobi Information Disclosure Vulnerability (CNVD-2018-10875)
Libmobi is a C library for processing Kindle MOBI format e-book documents. A security vulnerability exists in the 'buffer_fill64' function of the compression.c file in Libmobi version 0.3. A remote attacker can exploit this vulnerability to disclose information heap-based buffer...
CVE-2018-11435
Libmobi 0.3 is affected by a vulnerability in the function mobi_decompress_huffman_internal in compression.c, which allows a remote attacker to cause information disclosure via a crafted MOBI file, manifesting as a read access violation. This is corroborated across multiple sources (NVD/NVD-based...
CVE-2018-11435
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file...
CVE-2018-11438
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file...
[SECURITY] Fedora 27 Update: wavpack-5.1.0-8.fc27
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
[SECURITY] Fedora 28 Update: wavpack-5.1.0-8.fc28
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
DEBIAN-CVE-2018-11230
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file...
7-Zip < 18.00 Multiple Vulnerabilities
The version of 7-Zip installed on the remote Windows host is prior to 18.0. It is, therefore, affected by multiple vulnerabilities. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(109800); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date",...
Exploit for CVE-2012-4929
CRIME-poc CRIME attack: a compression oracle attack CVE-20...
The Recipe for Web Performance Starts with the Right Ingredients: Page Construction Metrics
You can't manage what you can't measure. As devices grow in capacity and innovations allow us to do more with web apps, the complexity of our pages has grown, too. It becomes a balancing act to increase functionality while maintaining a performant and responsive site. Just like a great recipe, to...
[SECURITY] Fedora 27 Update: libvncserver-0.9.11-5.fc27
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata...
DLINK DCS-5020L - Remote Code Execution (PoC)
DLINK DCS-5020L - Remote Code Execution PoC “The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to...
Double free
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device...
CVE-2018-3560
CVE-2018-3560 describes a double-free in the Android sound path. Affected products include Android for MSM, Firefox OS for MSM, and QRD Android with CAF Linux-kernel branches. The root cause is a double-free in the Audio Driver when opening a sound compression device, leading to potential misuse ...
[SECURITY] Fedora 26 Update: wavpack-5.1.0-7.fc26
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
[SECURITY] Fedora 26 Update: nx-libs-3.5.0.33-4.fc26
NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent...
[SECURITY] Fedora 27 Update: mingw-wavpack-5.1.0-4.fc27
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
[SECURITY] Fedora 26 Update: mingw-wavpack-5.1.0-4.fc26
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...