3202 matches found

Cvelist
added 2020/12/02 5:25 p.m. · 16 views

CVE-2020-13493

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

CVSS 8.8 · AI score 7.7 · EPSS 0.0133
Exploits: 1 · References: 1

BDU FSTEC
added 2020/11/17 12:00 a.m. · 3 views

The vulnerability of the software’s zip-file decompression mechanism in Cisco AsyncOS affects Cisco Email Security Appliance security systems. This vulnerability allows attackers to bypass the configured content filters on the device.

The vulnerability of the software’s zip-file decompression mechanism for Cisco Email Security Appliance devices is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to bypass the configured content filters on the device...

CVSS 5.8 · AI score 5.9 · EPSS 0.00623
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2020/11/13 3:15 p.m. · 3 views

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

CVSS 7.8 · AI score 7.4
Exploits: 0 · References: 2

OSV
added 2020/11/13 3:15 p.m. · 18 views

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVSS 7.8 · AI score 7.1
Exploits: 0 · References: 1

OSV
added 2020/11/13 3:15 p.m. · 13 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

CVSS 7.8 · AI score 7.1
Exploits: 0 · References: 1

NVD
added 2020/11/13 3:15 p.m. · 17 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

CVSS 8.8 · AI score 8.1 · EPSS 0.0133
Exploits: 1 · References: 1

NVD
added 2020/11/13 3:15 p.m. · 17 views

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVSS 8.8 · AI score 8.1 · EPSS 0.0133
Exploits: 1 · References: 1

Prion
added 2020/11/13 3:15 p.m. · 15 views

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVSS 6.8 · AI score 7.7 · EPSS 0.0133
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2020/11/13 3:15 p.m. · 18 views

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

CVSS 6.8 · AI score 7.9 · EPSS 0.01433
Exploits: 1 · References: 2 · Affected Software: 3

Prion
added 2020/11/13 3:15 p.m. · 12 views

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

CVSS 6.8 · AI score 7.7 · EPSS 0.0133
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2020/11/13 2:43 p.m. · 19 views

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVSS 8.8 · AI score 7.8 · EPSS 0.0133
Exploits: 1 · References: 1

Cvelist
added 2020/11/13 2:24 p.m. · 27 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

CVSS 8.8 · AI score 7.8 · EPSS 0.0133
Exploits: 1 · References: 1

CVE
added 2020/11/13 2:24 p.m. · 52 views

CVE-2020-6150

Four heap overflow CVEs in Pixar OpenUSD 20.05 related to USDC file format decompression of SPECS, FIELDS, FIELDSETS, and PATHS sections. TALOS-2020-1094 details exact code paths (crateFile.cpp) where unvalidated section sizes and mismatched ReadContiguous/decompression buffers allow heap-based o...

CVSS 8.8 · AI score 7.7 · EPSS 0.0133
Exploits: 1 · References: 1 · Affected Software: 1

BDU FSTEC
added 2020/11/10 12:00 a.m. · 2 views

The vulnerability in the jp2/opj_decompress.c component of the OpenJPEG image encoding and decoding library allows a malicious actor to disclose protected information or cause service failures.

The vulnerability of the jp2/opj_decompress.c component in the OpenJPEG image encoding and decoding library is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to disclose protected information or cause service failures...

CVSS 7.8 · AI score 7 · EPSS 0.02595
Exploits: 0 · References: 12 · Affected Software: 6

Cisco
added 2020/11/04 4:00 p.m. · 36 views

Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

CVSS 5.8 · AI score 1.5 · EPSS 0.00623
Exploits: 0 · References: 1

Positive Technologies
added 2020/11/04 12:00 a.m. · 2 views

PT-2020-4621 · Cisco · Cisco Email Security Appliance +1

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (affected versions not specified). Description: The issue is related to the zip decompression engine of Cisco AsyncOS Software, which is used in Cisco Email Security Appliance. It is caused by improper handling of...

CVSS 5.8 · AI score 5.1 · EPSS 0.00623
Exploits: 0 · References: 6

Fedora
added 2020/10/23 10:47 p.m. · 10 views

[SECURITY] Fedora 31 Update: suricata-4.1.9-1.fc31

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score 0.2
Exploits: 0

Fedora
added 2020/10/23 10:41 p.m. · 9 views

[SECURITY] Fedora 32 Update: suricata-5.0.4-1.fc32

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score 0.2
Exploits: 0

Mageia
added 2020/10/16 3:44 p.m. · 37 views

Updated brotli packages fix security vulnerability

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB (CVE-2020-8927)...

CVSS 6.5 · AI score 3.8 · EPSS 0.03243
Exploits: 0 · References: 2

RedHat Linux
added 2020/10/14 11:16 a.m. · 3 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

CVSS 7.5 · AI score 7.3 · EPSS 0.09438
Exploits: 0 · References: 4