Cisco Email Security Appliance Zip Content Filter Bypass (cisco-sa-esa-zip-bypass-gbU4gtTg)
According to its self-reported version, Cisco Email Security Appliance (ESA) is affected by a vulnerability in the zip decompression engine due to improper handling of password-protected zip files. An unauthenticated, remote attacker can exploit this with a crafted zip file to bypass content filter...
brotli: buffer overflow when input chunk is larger than 2GiB
A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a "one-shot" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB...
CVE-2020-4993
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905...
Qualcomm Component Buffer Error Vulnerability
The Qualcomm Component is a component from Qualcomm Incorporated (USA), an intrinsic part that provides the functionality of Qualcomm devices. A security vulnerability exists in the Qualcomm Component that stems from a buffer over-read when decompressing RTCP packets, where we may read additional byt...
EulerOS 2.0 SP3 : wireshark (EulerOS-SA-2021-1859)
According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by...
CVE-2021-29482
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...
Format string
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...
CVE-2021-29482 denial of service in github.com/ulikunitz/xz
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...
CVE-2021-29482
CVE-2021-29482 affects the Go xz library (github.com/ulikunitz/xz) used to read xz containers. The issue is in readUvarint where crafted input can cause the loop to fail to terminate, potentially enabling a denial of service. The vulnerability has been fixed in release v0.5.8; a practical workaro...
CVE-2020-27738
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions, Nucleus ReadyStart V3 All versio...
CVE-2020-27009
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...
USN-4923-1 edk2 vulnerabilities
Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. CVE-2021-28210 Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...
USN-4923-1: EDK II vulnerabilities
Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. CVE-2021-28210 Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...
SUSE: Security Advisory (SUSE-SU-2019:3092-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:0464-1)
The remote host is missing an update for the...
Multiple Siemens Products Buffer Error Vulnerability
SIMOTICS CONNECT 400 is a connector and sensor box mounted on a low-voltage motor that provides analysis data for the MindSphere application SIDRIVE IQ Fleet. A denial of service vulnerability exists in the Siemens SIMOTICS CONNECT 400. The vulnerability is due to the DNS domain record...
The vulnerability of the automatic email decompression mechanism of Apple Mail on Apple Mac OS operating systems allows a hacker to write arbitrary files.
The vulnerability of the Apple Mail client’s automatic decompression mechanism in Apple Mac OS operating systems is related to incorrect handling of logical operations. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the /Library/Mail directory and $TMPDIR...