Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-27728: SEGV src/njs_json.c in njs_dump_is_recursive · Issue #618 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

CVE
Open in Source
#js#git#c++#nginx
CVE-2023-29417: heap-buffer-overflow in bz3_decompress() · Issue #97 · kspalaiologos/bzip3

** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.

CVE-2022-43664: TALOS-2022-1673 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.

CVE-2020-19695: Array elements left uninitialized in Array.prototype.slice() for primitive this values. · Issue #188 · nginx/njs

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

CVE-2020-19692: Heap based buffer overflow in njs_module.c · Issue #187 · nginx/njs

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

CVE-2020-23257: IIlegal memory access may lead to arbitrary memory write inside jsvGarbageCollectMarkUsed · Issue #1820 · espruino/Espruino

Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.

CVE-2023-26991: stack-use-after-scope exists in function swf_ReadSWF2 in lib/rfxswf.c · Issue #196 · matthiaskramm/swftools

SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c.

CVE-2023-26733: Security-Issue-Report-of-TinyTIFF/README.md at main · 10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF

Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.

A Tiny Blog Took on Big Surveillance in China—and Won

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.

RHSA-2023:1569: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0361: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the v...