Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-26991: stack-use-after-scope exists in function swf_ReadSWF2 in lib/rfxswf.c · Issue #196 · matthiaskramm/swftools

SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c.

CVE
Open in Source
#c++
CVE-2020-19695: Array elements left uninitialized in Array.prototype.slice() for primitive this values. · Issue #188 · nginx/njs

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

CVE-2020-19692: Heap based buffer overflow in njs_module.c · Issue #187 · nginx/njs

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

A Tiny Blog Took on Big Surveillance in China—and Won

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.

RHSA-2023:1569: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0361: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the v...

GHSA-2g5w-29q9-w6hx: mindsdb arbitrary file write when extracting a remotely retrieved Tarball

### Summary An unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. ### Details I commented the following snippet of code as a vulnerability details. The code is from [file.py#L26..L134](https://github.com/mindsdb/mindsdb/blob/afedd37c16e579b6dc075b0814e42d0505ccdc07/mindsdb/api/http/namespaces/file.py#L26..L134) ```python @ns_conf.route('/<name>') @ns_conf.param('name', "MindsDB's name for file") class File(Resource): @ns_conf.doc('put_file') def put(self, name: str): ''' add new file params in FormData: - file - original_file_name [optional] ''' data = {} ... omitted for brevity url = data['source'] data['file'] = data['name'] ... omitted for brevity ...

GHSA-7x45-phmr-9wqp: Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

### Summary An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a **TarSlip** or a **ZipSlip variant**. ### Details Unpacking files using the high-level function `shutil.unpack_archive()` from a potentially malicious tarball without validating that the destination file path remained within the intended destination directory may cause files to be overwritten outside the destination directory. As can be seen in the vulnerable snippet code source, an archive is being retrieved using the `download_file()` function from a remote location which is a user-provided permanent storage bucket `s3`. Immediately after being retrieved, the tarball is unsafely unpacked using the function `shutil.unpack_archive()`. The vulnerable code is [L128..L129](https://github.com/mindsdb/mindsdb/blob/69c76e727b8067f32b06ab83bb835a8c416c...

CVE-2022-23522: Arbitrary File Write when Extracting Tarballs retrieved from a remote location using `shutil.unpack_archive()`

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a **TarSlip** or a **ZipSlip variant**. Unpacking files using the high-level function `shutil.unpack_archive()` from a potentially malicious tarball without validating that the destination file path remained within the intended destination directory may cause files to be overwritten outside the destination directory. An attacker could craft a malicious tarball with a filename path, such as `../../../../../../../../etc/passwd`, and then serve the archive remotely using a personal bucket `s3`, thus, retrieve the tarball through **mindsdb** and overwrite the system files of the hosting server. This issue has been addressed in version 22.11.4.3. Users are advised to upgrade. Users unable to upgrade should avoid inge...

CVE-2023-24473: TALOS-2023-1707 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com Read the original post: Google reveals spyware attack on Android, iOS, and Chrome