Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2021-33448: AddressSanitizer: stack-buffer-overflow in <unknown module> · Issue #170 · cesanta/mjs

An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.

CVE
Open in Source
#ubuntu#js#git#java#c++#buffer_overflow
CVE-2021-33437: AddressSanitizer: 1 memory leaks of frozen_cb() · Issue #160 · cesanta/mjs

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

Apple Security Advisory 2022-07-20-7

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

CVE-2022-34503: heap-buffer-overflow in `QPDF::processXRefStream` found by ASAN · Issue #701 · qpdf/qpdf

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.

CVE-2020-36558

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

The home automation solution suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'name' GET parameter in 'delsnap.pl' Perl/CGI script which is used for deleting snapshots taken from the webcam.

CVE-2022-24660: Cryptocurrency ASIC Miners – Security and Hacking Audit – James A. Chambers

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.