Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-27830: TightVNC: What's New in TightVNC

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

CVE
Open in Source
#vulnerability#web#ios#mac#windows#apple#ubuntu#linux#debian#red_hat#dos#redis#js#git#java#c++#perl#buffer_overflow#auth#ssh#rpm#docker#sap#ssl
CVE-2023-29574: out-of-memory in mp42avc · Issue #841 · axiomatic-systems/Bento4

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.

CVE-2023-29580: SEGV yasm/libyasm/expr.c:87:44 in yasm_expr_create · Issue #215 · yasm/yasm

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.

CVE-2023-29576: SEGV Ap4TrunAtom.h:80:80 in AP4_TrunAtom::SetDataOffset(int) · Issue #844 · axiomatic-systems/Bento4

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.

Botan C++ Crypto Algorithms Library 3.0.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

CVE-2023-1975: remove exif · answerdev/answer@ac3f2f0

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

Demystifying risk using CVEs and CVSS

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p&a

CVE-2023-1916: tiffcrop: heap-buffer-overflow in file tiffcrop.c, line 7874 (#537) · Issues · libtiff / libtiff · GitLab

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

CVE-2021-45985: Lua: bugs

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

CVE-2023-27727: SEGV src/njs_function.h:155:9 in njs_function_frame · Issue #617 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.