Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2021-27219: CVE-2021-27219 (GHSL-2021-045): integer overflow in g_bytes_new/g_memdup (#2319) · Issues · GNOME / GLib

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVE
Open in Source
#vulnerability#ubuntu#linux#git#c++
CVE-2021-27191: limit total IPs in range to avoid DoS · JoeScho/get-ip-range@98ca22b

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.

CVE-2020-28595: TALOS-2020-1219 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-28596: TALOS-2020-1220 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-13575: TALOS-2020-1186 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-13577: TALOS-2020-1188 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-13578: TALOS-2020-1189 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-13574: TALOS-2020-1185 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-13576: TALOS-2020-1187 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-26910: disabled overlayfs, 0.9.64.4 testing · netblue30/firejail@97d8a03

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.