Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

us-cert
Open in Source
#sql#xss#vulnerability#web#ios#mac#windows#apple#google#linux#debian#dos#redis#nodejs#js#git#intel#php#c++#rce#perl#xpath#ldap#samba#ssrf#buffer_overflow#oauth#auth#ssh#telnet#ibm#chrome#ssl
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of

CVE-2023-50495: Segment fault in tic

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

CVE-2023-49994: Floating Point Exception exists in the function PeaksToHarmspect in wavegen.c · Issue #1823 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVE-2023-49990: global-buffer-overflow exists in the function SetUpPhonemeTable in synthdata.c · Issue #1824 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

CVE-2023-49991: stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c · Issue #1825 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

CVE-2023-49992: stack-buffer-overflow exists in the function RemoveEnding in dictionary.c · Issue #1827 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

CVE-2023-49993: global-buffer-overflow exists in the function ReadClause in readclause.c · Issue #1826 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

CVE-2023-46932: heap-buffer-overflow in str2ulong src/media_tools/avilib.c:137:16 in gpac/MP4Box · Issue #2669 · gpac/gpac

Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

Ubuntu Security Notice USN-6542-1

Ubuntu Security Notice 6542-1 - Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.