Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

TALOS
Open in Source
#vulnerability#web#mac#cisco#java#intel#c++#rce#perl#pdf#buffer_overflow
Eclipse ThreadX Buffer Overflows

Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more.

AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain

By Waqas The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution (RCE) attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability. This is a post from HackRead.com Read the original post: AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain

Talos releases new macOS open-source fuzzer

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.

Apple Security Advisory 05-13-2024-1

Apple Security Advisory 05-13-2024-1 - Safari 17.5 addresses a bypass vulnerability.

Gentoo Linux Security Advisory 202405-33

Gentoo Linux Security Advisory 202405-33 - Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected.

How Did Authorities Identify the Alleged Lockbit Boss?

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.

RIOT 2024.01 Buffer Overflows / Lack Of Size Checks / Out-Of-Bound Access

RIOT versions 2024.01 and below suffers from multiple buffer overflows, ineffective size checks, and out-of-bounds memory access vulnerabilities.

Gentoo Linux Security Advisory 202405-14

Gentoo Linux Security Advisory 202405-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected.

Live2D Cubism Heap Corruption

Live2D Cubism suffers from a heap corruption vulnerability.