Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Red Hat Security Advisory 2023-1809-01

Red Hat Security Advisory 2023-1809-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#linux#red_hat#dos#java#c++#firefox
YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report

CVE-2021-33797: Issue #148: Check for overflow when reading floating point exponent. · ccxvii/mujs@833b6f1

Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that

CVE-2021-39295: GitHub - openbmc/openbmc: OpenBMC Distribution

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

CVE-2023-29201: XCOMMONS-2426: Provide a component for filtering safe HTML elements a… · xwiki/xwiki-commons@4a185e0

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>`-tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version incl...

CVE-2023-29627: File uploads | Web Security Academy

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.

CVE-2023-29573: fuzz_vuln/readme.md at main · z1r00/fuzz_vuln

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.

CVE-2023-27772: SEGV in function ControlObjectClient_setOrigin() · Issue #442 · mz-automation/libiec61850

libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.

CVE-2023-1906: heap-buffer-overflow vulnerability in latest Imagemagick including 7.1.1-4 & 7.1.1-6 (Beta)

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.