[ASA-201612-20] openssh: multiple issues

Arch Linux Security Advisory ASA-201612-20 ========================================== Severity: Medium Date : 2016-12-22 CVE-ID : CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 Package : openssh Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-110 Summary...

[SECURITY] Fedora 24 Update: p7zip-16.02-2.fc24

p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very h igh compression ratio. The original version can be found at http://www.7-zip.or g/...

Hand to hand teach you how to construct the office exploits EXP（fourth period）-bug warning-the black bar safety net

This is a period of vulnerability to share with you is CVE-2015-1641 learning summary, this vulnerability due to its good versatility and stability claims to have replaced the CVE-2012-0158 trend. The vulnerability is a type confusion class of vulnerability, through which you can achieve arbitrar...

Cyber Swiss Army Knife: CyberChef

Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include creating hexdumps, simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, data compression and...

Downloads Resources over HTTP

Overview imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled...

[SECURITY] Fedora 25 Update: p7zip-16.02-2.fc25

p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very h igh compression ratio. The original version can be found at http://www.7-zip.or g/...

[SECURITY] Fedora 25 Update: mingw-libwebp-0.5.1-2.fc25

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

[SECURITY] Fedora 25 Update: libwebp-0.5.1-2.fc25

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

[SECURITY] Fedora 24 Update: mingw-libwebp-0.5.1-2.fc24

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

[SECURITY] Fedora 23 Update: jasper-1.900.13-1.fc23

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

[SECURITY] Fedora 24 Update: jasper-1.900.13-1.fc24

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

[SECURITY] Fedora 24 Update: libwebp-0.5.1-2.fc24

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

[SECURITY] Fedora 25 Update: jasper-1.900.13-1.fc25

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability

Summary An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...

ssh-audit - SSH Server Auditing

ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information...

[SECURITY] Fedora 25 Update: jasper-1.900.3-1.fc25

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

Drupal Core Full config export configuration file unauthorized download vulnerability

Author: p0wd3r know Chong Yu 404 security lab 0x00 vulnerability overview 1. Vulnerability description Drupal （ https://www.drupal.org is a free open source content management system, recent researchers have found in it 8. x 8.1.10 version found three security vulnerabilities, one vulnerability...

[SECURITY] Fedora 23 Update: jasper-1.900.1-34.fc23

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

[SECURITY] Fedora 25 Update: jasper-1.900.1-34.fc25

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ImageIO component in the Mac OS X operating system arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption by using a specially crafted EXR image with B44...