Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Red Hat Security Advisory 2022-5924-01

Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

Packet Storm
Open in Source
#vulnerability#web#red_hat#c++#docker
CVE-2022-34293: Release wolfSSL Release 5.4.0 (July 11, 2022) · wolfSSL/wolfssl

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.

New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains

A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend

CVE-2022-35930: Merge pull request from GHSA-739f-hw6h-7wq8 · sigstore/policy-controller@e852af3

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade.

Gentoo Linux Security Advisory 202208-04

Gentoo Linux Security Advisory 202208-4 - Multiple vulnerabilities in libmcpp could result in a denial of service condition. Versions less than 2.7.2_p5 are affected.

CVE-2022-34526: tiffsplit: stack-buffer-overflow in _TIFFVGetField() (#433) · Issues · libtiff / libtiff · GitLab

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file.

CVE-2021-41556: Squirrel - The Programming Language

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.

CVE-2022-34612: An integer overflow is found in get_long_object() · Issue #2738 · rizinorg/rizin

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.

CVE-2021-33448: AddressSanitizer: stack-buffer-overflow in <unknown module> · Issue #170 · cesanta/mjs

An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.

CVE-2021-33437: AddressSanitizer: 1 memory leaks of frozen_cb() · Issue #160 · cesanta/mjs

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.