3219 matches found

OpenVAS
added 2020/02/03 12:0 a.m. | 26 views

Fedora: Security Advisory for upx (FEDORA-2020-20cf0743f5)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 6.5 | EPSS 0.02495
Exploits 5 | References 2

Tenable Nessus
added 2020/01/30 12:0 a.m. | 51 views

CentOS 7 : libarchive (RHSA-2020:0203)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0203 advisory. - archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to...

CVSS 7.5 | AI score 6.4 | EPSS 0.0404
Exploits 0 | References 2

RedHat Linux
added 2020/01/29 8:2 a.m. | 2 views

libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry

A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.0404
Exploits 0 | References 4

RedHat Linux
added 2020/01/27 8:28 p.m. | 2 views

libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry

A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.0404
Exploits 0 | References 4

OSV
added 2020/01/26 5:15 a.m. | 2 views

CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVSS 6.5 | AI score 6.7 | EPSS 0.01087
Exploits 0 | References 1

NVD
added 2020/01/26 5:15 a.m. | 14 views

CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVSS 6.5 | AI score 6.5 | EPSS 0.01087
Exploits 0 | References 1

Prion
added 2020/01/26 5:15 a.m. | 16 views

Input validation

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVSS 6.4 | AI score 6.5 | EPSS 0.01087
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2020/01/26 4:31 a.m. | 9 views

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVSS 6.5 | AI score 7.1 | EPSS 0.01087
Exploits 0 | References 1

CVE
added 2020/01/26 4:31 a.m. | 134 views

CVE-2020-3134

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) is affected by CVE-2020-3134 due to an improper validation of zip files in the zip decompression engine. The issue can be exploited by sending an email with a crafted zip-compressed attachment, potentially triggering a restart of th...

CVSS 6.5 | AI score 6.5 | EPSS 0.01087
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/01/26 4:31 a.m. | 16 views

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVSS 6.5 | AI score 6.5 | EPSS 0.01087
Exploits 0 | References 1

CNVD
added 2020/01/23 12:0 a.m. | 1 views

Cisco Email Security Appliance zip decompression engine denial of service vulnerability

The Cisco Email Security Appliance (ESA) is an all-in-one appliance that defends against spam, advanced malware, phishing, and data loss. Cisco AsyncOS is the base operating system (OS), device drivers, memory management, process scheduling, and a collection of all application and scanning software. A...

CVSS 6.5 | AI score 6.7 | EPSS 0.01087
Exploits 0 | References 1

Cisco
added 2020/01/22 4:0 p.m. | 26 views

Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVSS 6.5 | AI score 1.6 | EPSS 0.01087
Exploits 0 | References 1

RedHat Linux
added 2020/01/22 2:26 p.m. | 2 views

libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry

A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.0404
Exploits 0 | References 4

RedHat Linux
added 2020/01/22 2:26 p.m. | 57 views

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 7.5 | AI score 6.6 | EPSS 0.0404
Exploits 0 | References 2

OpenVAS
added 2020/01/09 12:0 a.m. | 32 views

Fedora Update for apache-commons-compress FEDORA-2019-da0eac1eb6

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.7 | EPSS 0.16157
Exploits 0 | References 2

OpenVAS
added 2020/01/09 12:0 a.m. | 13 views

Fedora Update for suricata FEDORA-2019-52b360546c

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 2

Veracode
added 2020/01/06 3:50 a.m. | 27 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service (DoS). The vulnerability exists as there was a lack of validation of image size during decompression of images in the ImagingSgiRleDecode function, causing an SGI buffer overflow...

CVSS 9.8 | AI score 4.4 | EPSS 0.04048
Exploits 0 | References 10 | Affected Software 1

Tenable Nessus
added 2019/12/31 12:0 a.m. | 72 views

openSUSE Security Update : spectre-meltdown-checker (openSUSE-2019-2710)

This update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection CVE-2019-11135 bsc1139073 - feat: implement MCEPSC / iTLB Multihit detection CVE-2018-12207 bsc1117665 - feat: taa: add TSXCTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub...

CVSS 6.5 | AI score 7.2 | EPSS 0.03133
Exploits 0 | References 4

OSV
added 2019/12/30 3:15 p.m. | 2 views

CVE-2019-16535

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...

CVSS 9.8 | AI score 7.3 | EPSS 0.01695
Exploits 0 | References 1

NVD
added 2019/12/30 3:15 p.m. | 10 views

CVE-2019-16535

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...

CVSS 9.8 | AI score 9.5 | EPSS 0.01695
Exploits 0 | References 1