Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-28480: Silently Install UDF

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls.

CVE
Open in Source
#sql#vulnerability#web#mac#java#c++#nginx#auth#ssh#docker
CVE-2023-40359: XTERM - Change Log

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

South African Power Supplier Hit by DroxiDat Malware

By Deeba Ahmed Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm… This is a post from HackRead.com Read the original post: South African Power Supplier Hit by DroxiDat Malware

CVE-2023-40296: Stack Buffer Overflow in static void ReceiveFrom(UDPSocket* udpSocket) at udpsocket.hpp · Issue #32 · eminfedar/async-sockets-cpp

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.

MoustachedBouncer Hackers Caught Spying on Embassies

By Deeba Ahmed MoustachedBouncer is a Belarusian government-backed hacking group that has been active since 2014. This is a post from HackRead.com Read the original post: MoustachedBouncer Hackers Caught Spying on Embassies

CVE-2021-3236: Lack of verification of wp->w_buffer causes null pointer references in ex_buffer_all() · Issue #7674 · vim/vim

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVE-2021-25786: Heap-use-after-free in `Pl_ASCII85Decoder::write` · Issue #492 · qpdf/qpdf

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

CVE-2020-24221: I found a large or infinite loop in ngiflib · Issue #17 · miniupnp/ngiflib

An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

CVE-2023-39945: Fast-CDR/src/cpp/Cdr.cpp at v1.0.26 · eProsima/Fast-CDR

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.