Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2021-41556: Squirrel - The Programming Language

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.

CVE
Open in Source
#ios#android#mac#windows#linux#git#java#c++#pdf
CVE-2022-34612: An integer overflow is found in get_long_object() · Issue #2738 · rizinorg/rizin

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.

CVE-2021-33448: AddressSanitizer: stack-buffer-overflow in <unknown module> · Issue #170 · cesanta/mjs

An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.

CVE-2021-33437: AddressSanitizer: 1 memory leaks of frozen_cb() · Issue #160 · cesanta/mjs

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

Apple Security Advisory 2022-07-20-7

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

CVE-2022-34503: heap-buffer-overflow in `QPDF::processXRefStream` found by ASAN · Issue #701 · qpdf/qpdf

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.

CVE-2020-36558

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.