Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This

The Hacker News
Open in Source
#vulnerability#web#google#js#git#java#wordpress#c++#buffer_overflow#The Hacker News
Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

Apple Security Advisory 2022-07-20-7

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

CVE-2022-34503: heap-buffer-overflow in `QPDF::processXRefStream` found by ASAN · Issue #701 · qpdf/qpdf

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.

CVE-2020-36558

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

The home automation solution suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'name' GET parameter in 'delsnap.pl' Perl/CGI script which is used for deleting snapshots taken from the webcam.

CVE-2022-24660: Cryptocurrency ASIC Miners – Security and Hacking Audit – James A. Chambers

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.

CVE-2022-34035: AddressSanitizer: heap-buffer-overflow on write_node htmldoc/htmldoc/html.cxx:588 · Issue #426 · michaelrsweet/htmldoc

HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.

CVE-2022-34032: SEGV src/njs_value.c:240:21 in njs_value_own_enumerate · Issue #524 · nginx/njs

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.