Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-29573: fuzz_vuln/readme.md at main · z1r00/fuzz_vuln

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.

CVE
Open in Source
#ubuntu#c++
CVE-2023-27772: SEGV in function ControlObjectClient_setOrigin() · Issue #442 · mz-automation/libiec61850

libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.

CVE-2023-1906: heap-buffer-overflow vulnerability in latest Imagemagick including 7.1.1-4 & 7.1.1-6 (Beta)

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

CVE-2023-27830: TightVNC: What's New in TightVNC

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

CVE-2023-29574: out-of-memory in mp42avc · Issue #841 · axiomatic-systems/Bento4

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.

CVE-2023-29580: SEGV yasm/libyasm/expr.c:87:44 in yasm_expr_create · Issue #215 · yasm/yasm

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.

CVE-2023-29576: SEGV Ap4TrunAtom.h:80:80 in AP4_TrunAtom::SetDataOffset(int) · Issue #844 · axiomatic-systems/Bento4

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.

Botan C++ Crypto Algorithms Library 3.0.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

CVE-2023-1975: remove exif · answerdev/answer@ac3f2f0

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

Demystifying risk using CVEs and CVSS

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p&a