
3233 matches found

OSV
added 2021/12/20 12:0 p.m., 30 views

RUSTSEC-2021-0131 Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...

CVSS 9.8, AI score 7.1, EPSS 0.03243
Exploits: 0, References: 4

CNVD
added 2021/12/15 12:0 a.m., 13 views

Teamcenter Active Workspace Path Traversal Vulnerability

Teamcenter Active Workspace is a web application for accessing the Teamcenter system. Teamcenter Active Workspace path traversal vulnerability, where the application contains an insecure decompression mode, could lead to a compressed path traversal attack. An attacker could use this vulnerability...

CVSS 7.2, AI score 7.1, EPSS 0.01052
Exploits: 0, References: 1

CNNVD
added 2021/12/14 12:0 a.m., 4 views

Siemens Teamcenter Active Workspace Path Traversal Vulnerability

Teamcenter Active Workspace is a web application for accessing the Teamcenter system. Teamcenter Active Workspace path traversal vulnerability, where the application contains an insecure decompression mode, could lead to a compressed path traversal attack. An attacker could use this vulnerability...

CVSS 7.2, AI score 5.8, EPSS 0.01052
Exploits: 0, References: 4

OpenVAS
added 2021/12/04 12:0 a.m., 19 views

Fedora: Security Advisory for suricata (FEDORA-2021-c7fd9e9126)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 7.6, EPSS 0.01973
Exploits: 0, References: 2

Fedora
added 2021/11/28 1:9 a.m., 24 views

[SECURITY] Fedora 34 Update: suricata-6.0.4-1.fc34

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS 7.5, AI score 7.4, EPSS 0.01973
Exploits: 0

Fedora
added 2021/11/27 1:11 a.m., 22 views

[SECURITY] Fedora 35 Update: suricata-6.0.4-1.fc35

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS 7.5, AI score 7.4, EPSS 0.01973
Exploits: 0

OSV
added 2021/11/25 11:3 a.m., 2 views

OESA-2021-1441 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An...

CVSS 5.3, AI score 6.7, EPSS 0.00579
Exploits: 1, References: 2

OSV
added 2021/11/19 8:15 p.m., 1 views

UBUNTU-CVE-2021-21898

A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.8, AI score 7.7, EPSS 0.02515
Exploits: 1, References: 5

Veracode
added 2021/11/12 8:43 a.m., 38 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. An out-of-bounds heap read in unlzma leads to information leak and application crash when crafted LZMA-compressed input is decompressed...

CVSS 5.3, AI score 1.9, EPSS 0.00579
Exploits: 1, References: 9, Affected Software: 5

RedHat Linux
added 2021/11/09 5:42 p.m., 4 views

openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...

CVSS 6.5, AI score 7.3, EPSS 0.02595
Exploits: 0, References: 4

OpenVAS
added 2021/11/08 12:0 a.m., 19 views

Mozilla Firefox Security Advisory (MFSA2016-30) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 8.8, AI score 9.3, EPSS 0.04141
Exploits: 0, References: 3

OSV
added 2021/11/05 11:3 a.m., 2 views

OESA-2021-1423 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages...

CVSS 7.5, AI score 7, EPSS 0.0628
Exploits: 0, References: 3

BDU FSTEC
added 2021/10/27 12:0 a.m., 1 views

The vulnerability of the decompression function Dwa in the IlmImf software library for storing images in OpenEXR format, which has a wide dynamic range of brightness levels. This vulnerability is related to pointer arithmetic errors, allowing attackers to cause service interruptions.

The vulnerability of the decompression function in the Dwa library of the OpenEXR image storage software for images with wide dynamic ranges is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVSS 5.3, AI score 6.7, EPSS 0.01747
Exploits: 0, References: 11, Affected Software: 5

CNNVD
added 2021/10/22 12:0 a.m., 1 views

Zip Password Recovery Buffer Error Vulnerability

KryLack Software Zip Password Recovery is an advanced software from KryLack Software. It is used to recover lost or forgotten passwords to Zip WinZip archives. A buffer error vulnerability exists in Passcovery ZIP Password Recovery version 3.70.69.0, which stems from a buffer overflow vulnerabili...

CVSS 7.8, AI score 7.7, EPSS 0.00403
Exploits: 1, References: 2

NVD
added 2021/10/19 3:15 p.m., 30 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

CVSS 7.5, EPSS 0.05651
Exploits: 0, References: 13

OSV
added 2021/10/19 3:15 p.m., 0 views

DEBIAN-CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

CVSS 7.5, AI score 7.2, EPSS 0.05651
Exploits: 0, References: 1

OSV
added 2021/10/19 3:15 p.m., 35 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 13

UbuntuCve
added 2021/10/19 3:15 p.m., 43 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

CVSS 7.5, AI score 6.8, EPSS 0.05651
Exploits: 0, References: 3

Prion
added 2021/10/19 3:15 p.m., 27 views

Design/Logic Flaw

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

CVSS 5, AI score 8.4, EPSS 0.05651
Exploits: 0, References: 13, Affected Software: 18

Debian CVE
added 2021/10/19 12:0 a.m., 43 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

CVSS 7.5, AI score 7.1, EPSS 0.05651
Exploits: 0