#buffer_overflow

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume control of the target device or perform a denial-of-service (DoS) attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following products are affected: ABB ASPECT-Enterprise ASP-ENT-x: Versions prior to 3.08.04-s01 ABB NEXUS Series NEX-2x: Versions prior to 3.08.04-s01 ABB NEXUS Series NEXUS-3-x: Versions prior to 3.08.04-s01 ABB MATRIX Series MAT-x: Versions prior to 3.08.04-s01 3.2 VULNERABILITY OVERVIEW 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Due to an issue in configuration, code that was intended for debugging purposes was included in the market rele...

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to elevate privileges locally.

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

The crate has the following vulnerabilities: - The public trait `arenavec::common::AllocHandle` allows the return of raw pointers through its methods `allocate` and `allocate_or_extend`. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the library safely handles the returned raw pointers. These raw pointers can later be dereferenced within safe APIs of the crate-such as `arenavec::common::SliceVec::push`-potentially leading to arbitrary memory access. - The safe API `arenavec::common::SliceVec::reserve` can reach the private function `arenavec::common::allocate_inner`. Incorrect behavior in `allocate_inner` may result in a `SliceVec` with an increased capacity, even though the underlying memory has not actually been expanded. This mismatch between `SliceVec.capacity` and the actual reserved memory can lead to a heap buffer overflow. - The safe API `arenavec::common::SliceVec::split_off` can duplicate the ownership of t...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: COMMGR Vulnerabilities: Stack-based Buffer Overflow, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics COMMGR are affected: COMMGR: Versions v2.9.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics COMMGR versions 2.9.0 and prior are vulnerable to a Stack-based Buffer Overflow vulnerability that could allow an attacker to execute arbitrary code by crafting specially designed .isp files. CVE-2025-53418 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). A CVSS v4 score has also been calculated for CVE-2025-53418. A base score of 8.8 has b...

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in