Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2022-34032: SEGV src/njs_value.c:240:21 in njs_value_own_enumerate · Issue #524 · nginx/njs

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

CVE
#ubuntu#linux#js#git#c++#nginx
CVE-2022-34031: SEGV src/njs_value_conversion.h:17:9 in njs_value_to_number · Issue #523 · nginx/njs

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.

CVE-2022-34030: SEGV src/njs_djb_hash.c:21:16 in njs_djb_hash · Issue #540 · nginx/njs

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.

CVE-2022-34029: SEGV njs_scope.h:74:12 Out-of-bounds Read in njs_scope_value · Issue #506 · nginx/njs

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

CVE-2022-34028: SEGV src/njs_utf8.h:52:9 in njs_utf8_next · Issue #522 · nginx/njs

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.

CVE-2022-34027: SEGV njs_value.c:1083:19 in njs_value_property · Issue #504 · nginx/njs

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

CVE-2022-31213: Multiple Memory Corruption Vulnerabilities in dbus-broker

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.

Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

CVE-2022-35409: Releases · Mbed-TLS/mbedtls

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a