#c++

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c.

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3165: An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. * CVE-2022-4172: An integer overflow and buffer overflow issues were found in...

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3358: A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent ciph...

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time) 2. ODBCAppender enabled for logging messages to, generally done via a config file 3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected. Users are recommended to upgrade to version 1.1.0 which properly binds the parameters ...

An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use.

An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.

Debian Linux Security Advisory 5394-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Ubuntu Security Notice 6048-1 - It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library.

swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c

Categories: News Tags: ChatGPT Tags: How Secure is Code Generated by ChatGPT? Tags: Raphaël Khoury Tags: Anderson Avila Tags: Jacob Brunelle Tags: Baba Mamadou Camara Tags: Université du Québec Tags: ChatGPT makes insecure code Researchers have found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. (Read more...) The post ChatGPT writes insecure code appeared first on Malwarebytes Labs.