Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-1975: remove exif · answerdev/answer@ac3f2f0

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

CVE
Open in Source
#sql#mac#js#git#java#c++#oauth#auth#docker
Demystifying risk using CVEs and CVSS

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p&a

CVE-2023-1916: tiffcrop: heap-buffer-overflow in file tiffcrop.c, line 7874 (#537) · Issues · libtiff / libtiff · GitLab

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

CVE-2021-45985: Lua: bugs

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

CVE-2023-27728: SEGV src/njs_json.c in njs_dump_is_recursive · Issue #618 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

CVE-2023-27727: SEGV src/njs_function.h:155:9 in njs_function_frame · Issue #617 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

CVE-2023-29417: heap-buffer-overflow in bz3_decompress() · Issue #97 · kspalaiologos/bzip3

** DISPUTED ** An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.

CVE-2022-43664: TALOS-2022-1673 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.

CVE-2023-26733: Security-Issue-Report-of-TinyTIFF/README.md at main · 10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF

Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.

CVE-2020-23257: IIlegal memory access may lead to arbitrary memory write inside jsvGarbageCollectMarkUsed · Issue #1820 · espruino/Espruino

Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.