Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK MC, SINUMERIK ONE Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SINUMERIK MC: All versions prior to V1.22 SINUMERIK ONE: All versions prior to V6.22 3.2 Vulnerability Overview 3.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190 The OPC UA implementations (ANSI C and C++...

us-cert
Open in Source
#vulnerability#web#dos#c++#auth
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of

CVE-2023-50495: Segment fault in tic

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

CVE-2023-49990: global-buffer-overflow exists in the function SetUpPhonemeTable in synthdata.c · Issue #1824 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

CVE-2023-49993: global-buffer-overflow exists in the function ReadClause in readclause.c · Issue #1826 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

CVE-2023-49994: Floating Point Exception exists in the function PeaksToHarmspect in wavegen.c · Issue #1823 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVE-2023-49992: stack-buffer-overflow exists in the function RemoveEnding in dictionary.c · Issue #1827 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

CVE-2023-49991: stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c · Issue #1825 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

CVE-2023-46932: heap-buffer-overflow in str2ulong src/media_tools/avilib.c:137:16 in gpac/MP4Box · Issue #2669 · gpac/gpac

Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

Ubuntu Security Notice USN-6542-1

Ubuntu Security Notice 6542-1 - Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.