Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-38632: Stack buffer overflow in static void Receive(TCPSocket* socket) at tcpsocket.hpp · Issue #31 · eminfedar/async-sockets-cpp

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.

CVE
Open in Source
#vulnerability#linux#c++#buffer_overflow
OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

CVE-2023-37748: Infinite loop has occurred when running program gif2tga in function DecodeGifImg at ngiflib.c · Issue #25 · miniupnp/ngiflib

ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-37139: dynamic-stack-buffer-overflow in release build · Issue #6884 · chakra-core/ChakraCore

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().

CVE-2022-33065: UndefinedBehaviorSanitizer: multiple signed integer overflow · Issue #833 · libsndfile/libsndfile

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

CVE-2022-33064: UndefinedBehaviorSanitizer: index 100 out of bounds for type 'SF_CUE_POINT [100]' · Issue #832 · libsndfile/libsndfile

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.

CVE-2020-23910: A stack overflow in genhash.c:506:7 causes Segmentation fault · Issue #396 · vlm/asn1c

Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.

CVE-2021-34119: Heap-buffer-overflow in function parse_paragraph() in ps-pdf.cxx · Issue #431 · michaelrsweet/htmldoc

A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.