Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-4012: segfault in libcrypto.so (#794) · Issues · NTPsec / ntpsec · GitLab

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

CVE
Open in Source
#mac#linux#debian#redis#git#c++#amd#ssl
Ubuntu Security Notice USN-6274-1

Ubuntu Security Notice 6274-1 - Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery.

CVE-2023-39114: SEGV on unknown address has occurred when running program SDLaffgif in function SDL_LoadAnimatedGif at ngiflibSDL.c:179 · Issue #29 · miniupnp/ngiflib

ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.

CVE-2023-39113: SEGV on unknown address has occurred when running program gif2tga in function main at gif2tag.c · Issue #27 · miniupnp/ngiflib

ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.

Red Hat Security Advisory 2023-4313-01

Red Hat Security Advisory 2023-4313-01 - PostgreSQL is an advanced object-relational database management system.

Ubuntu Security Notice USN-6258-1

Ubuntu Security Notice 6258-1 - It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15.

Debian Security Advisory 5458-1

Debian Linux Security Advisory 5458-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

Data theft extortion rises, while healthcare is still most-targeted vertical in Talos IR engagements

Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.

North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder

North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already

CVE-2023-26077: GitHub - mandiant/Vulnerability-Disclosures

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.