#buffer_overflow

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: NULL Pointer Dereference, Improper Validation of Integrity Check Value, Improper Restriction of XML External Entity Reference, Heap-based Buffer Overflow, Integer Overflow or Wraparound, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Hitachi Energy RTU500 series: Version 13.6.1 (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) Hitachi Energy RTU500 series: Versions 12.7.1 through 12.7.7 (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) Hitachi Energy RTU500 series: Versions 13.4.1 through 13.4.4 (CVE-2025-39203) Hitachi Energy RTU500 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: User Management Component (UMC) Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC PCS neo V4.1: All versions Siemens SIMATIC PCS neo V5.0: All versions Siemens User Management Component (UMC): Versions prior to 2.15.1.3 3.2 VULNERABILITY OVERVIE...

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.

An off-by-one error in the `DrainCol::drop` destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector. The error was related to the size of the data being copied in one of the `ptr::copy` invocations inside the destructor. When removing the first column from a TooDee object, the DrainCol return object could cause a heap buffer overflow vulnerability when it is dropped. The issue was fixed in commit `e6e16d5` by reducing the copied size by one.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume control of the target device or perform a denial-of-service (DoS) attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following products are affected: ABB ASPECT-Enterprise ASP-ENT-x: Versions prior to 3.08.04-s01 ABB NEXUS Series NEX-2x: Versions prior to 3.08.04-s01 ABB NEXUS Series NEXUS-3-x: Versions prior to 3.08.04-s01 ABB MATRIX Series MAT-x: Versions prior to 3.08.04-s01 3.2 VULNERABILITY OVERVIEW 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Due to an issue in configuration, code that was intended for debugging purposes was included in the market rele...

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to elevate privileges locally.

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code over a network.