Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Red Hat Security Advisory 2023-0274-01

Red Hat Security Advisory 2023-0274-01 - Angular JavaScript library packaged for setuptools / pip.

Packet Storm
Open in Source
#xss#vulnerability#ios#red_hat#js#java#c++
Red Hat Security Advisory 2023-0395-01

Red Hat Security Advisory 2023-0395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2023-0296-01

Red Hat Security Advisory 2023-0296-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

CVE-2021-43444: GitHub - ONLYOFFICE/server: The backend server software layer which is the part of ONLYOFFICE Document Server and is the base for all other components

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.

CVE-2022-48281: heap-buffer-overflow /home/a13579/fuzz_lib_tiff/report/libtiff_asan/libtiff/tif_unix.c:362 in _TIFFmemset in branch 38a58201 (#488) · Issues · libtiff / libtiff · GitLab

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

CVE-2023-24040: vulns/HNS-2022-01-dtprintinfo.txt at main · hnsecurity/vulns

** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2023-24039: exploits/raptor_dtprintlibXmas.c at master · 0xdea/exploits

** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2023-24025: GitHub - PQClean/PQClean at d03da3053491e767ef842deaef43fc5bdb6bc911

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.

CVE-2022-45748: Bug: heap-use-after-free in function Assimp::ColladaParser::ExtractDataObjectFromChannel() · Issue #4286 · assimp/assimp

An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.

Solaris 10 dtprintinfo Local Privilege Escalation

Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and uses a buffer overflow in libXM ParseColors().