90 matches found
EUVD-2004-0795
Malware in sbrugna...
EUVD-2008-1679
Malware in sbrugna...
CVE-2024-57923
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix availin bytes for s390 zlib HW compression path Since the input data length passed to zlibcompressfolios can be arbitrary, always setting strm.availin to a multiple of PAGESIZE may cause read-in bytes to exceed t...
CVE-2024-57923
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix availin bytes for s390 zlib HW compression path Since the input data length passed to zlibcompressfolios can be arbitrary, always setting strm.availin to a multiple of PAGESIZE may cause read-in bytes to exceed t...
CVE-2024-57923
CVE-2024-57923 covers a Linux kernel issue in btrfs zlib HW compression on s390 where input length passed to zlib_compress_folios() could exceed input range due to strm.avail_in calculation becoming a multiple of PAGE_SIZE. The result is an assertion in btrfs_compress_folios() (total_in > orig...
Python Execute Command
Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...
RHEL 6 : elfutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - elfutils: eu-size cannot handle recursive ar files CVE-2018-18520 - elfutils: heap-based buffer over-read...
zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...
SUSE CVE-2006-5823
The zlibinflate function in Linux kernel 2.6.x allows local users to cause a denial of service crash via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs...
zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...
rsync security update
An update is available for rsync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rsync utility enables the users to copy and synchronize files locally or...
FreeBSD : FreeBSD -- zlib compression out-of-bounds write (38f2e3a0-b61e-11ec-9ebc-1c697aa5a594)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 38f2e3a0-b61e-11ec-9ebc-1c697aa5a594 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has ma...
Security advisory: Recently reported zlib compression issue impacts Qt
zlib has recently reported that it has a security issue when deflating which could cause memory corruption if the input has many distant matches. This is reported in a bit more detail here: and has been assigned the CVE id CVE-2018-25032. This has been fixed in an update to zlib 1.2.12 This affec...
SUSE-RU-2022:0861-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: openssl-11: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - Fix PAC pointer authentication in ARM bsc1195856 - Pull libopenssl-11 when updating openssl-11 with the same version bsc1195792 - FIPS:...
SUSE-SU-2022:0860-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. Non-security issues fixed: - Fix PAC pointer authentication in ARM. bsc1195856 - Pull libopenssl-11 when updating openssl-11 wit...
SUSE-SU-2019:2668-1 Security update for sudo
This update for sudo provides the following fix: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674. Other issues fixed...
50m-ctf: LFI on Accounting server and RCE on FliteThermostat admin server
Summary: An attacker is able to download local files on the Accounting server due leveraging improper input sanitization in the Invoice PDF generator. In the same fashion an attacker is also able to issue server-side requests on the Accounting server through user-controlled CSS, possibly leading ...
Security Bulletin: IBM Tivoli Monitoring Agent Framework component. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843)
Summary IBM Tivoli Monitoring uses zlib compression library in both the General services library and the File Transfer component. This bulletin address several reported vulnerabilities in the zlib compression library. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a...
CVE-2017-7609
elfcompress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service memory consumption via a crafted ELF file...
Automated Modular Cryptanalysis Tool: FeatherDuster
Automated Modular Cryptanalysis Tool FeatherDuster is a tool written by Daniel “unicornfurnace” Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and...