Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2022-23098: connman/connman.git - Connection Manager

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

CVE
Open in Source
#web#mac#git#c++#perl#buffer_overflow#auth#jira#wifi
CVE-2021-22570: Release Protocol Buffers v3.15.0 · protocolbuffers/protobuf

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

CVE-2021-45343: NULL pointer dereference in DXF parser, HATCH code 93 · Issue #1468 · LibreCAD/LibreCAD

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

CVE-2021-45342: Remote Code Execution vulnerability in LibreCAD 2.2.0-rc3 (JWW CDataList) · Issue #1464 · LibreCAD/LibreCAD

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVE-2021-45341: Remote Code Execution vulnerability in LibreCAD 2.2.0-rc3 (JWW CDataMoji) · Issue #1462 · LibreCAD/LibreCAD

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVE-2022-23850: [Bug Report]stack-buffer-overflow in Function epub2txt_do_file() AT src/epub2txt.c · Issue #17 · kevinboone/epub2txt2

xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.

CVE-2021-34600: Advisory X41-2021-003: Telenot complex - Insecure AES Key Generation

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

An Armful of CHERIs

Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing. Morello is the first high-performance implementation of the CHERI extensions.

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).