1509 matches found
CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology...
Altair HyperView Player
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Altair Equipment: HyperView Player Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Uninitialized Resource, Improper Validation of Array Index 2. RISK EVALUATION Successful...
PT-2022-5402 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to a privilege escalation vulnerability in the Microsoft Windows COM+ Event System Service. It is caused by a buffer overflow in memory, which can be exploite...
uClibC and uClibC-ng libpthread linuxthreads memory corruption vulnerabilities
Talos Vulnerability Report TALOS-2022-1517 uClibC and uClibC-ng libpthread linuxthreads memory corruption vulnerabilities September 22, 2022 CVE Number CVE-2022-29503 SUMMARY A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng...
ImageMagick ReadXBMImage Information Disclosure (CVE-2018-16323)
An information disclosure vulnerability exists in ImageMagick. The vulnerability is due to improper handling of memory buffer by ReadXBMImage. A remote attacker could exploit this vulnerability by having an affected application that implements ImageMagick process a maliciously crafted file...
CVE-2022-37302
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert V15.1 HF001 and prior...
CVE-2022-37302
CVE-2022-37302 affects Schneider Electric EcoStruxure Control Expert (formerly Unity Pro) and is described as CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. The vulnerability can cause the Control Expert software to crash when opening an incorrect project file, ...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing...
Improper Restriction of Operations within the Bounds of a Memory Buffer
Overview Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the elflookup function in plxelf.cpp via a crafted Mach-O file. Remediation Upgrade upx to version or higher. References - GitHub Commit - GitHub Issue Credit:...
ROS-20220721-01
Vulnerability in the ProcXkbSetGeometry call handler of X.Org Server is related to improper protection of the of signal strength warnings during request length processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or escalate privileges A...
PT-2022-4154 · Schneider Electric · Ecostruxure Control Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert versions V15.1 HF001 and prior Description: A memory buffer issue exists that could cause a crash of the Control Expert software when an incorrect project file is opened. The issue is related to improper restriction...
Siemens EN100 Ethernet Module Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2022-30938)
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.40, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...
Schneider Electric PowerLogic Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-22714)
A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 All versions prior to V3.0.0, which could cause the meter to reboot or allow for remote code execution. - A CWE-119: Improper restriction of operations...
Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2022-34764)
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...
Schneider Electric PowerLogic Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-22713)
A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 see security notification for affected versions, which could cause the meter to reboot. This plugin only works wi...
PT-2025-53960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s drm/virtio subsystem. The issue involves a missing check to ensure that transferred 2D buffer objects (BO) are shared memory (shmem) objects. If a userspa...
CVE-2022-34764
CVE-2022-34764 describes a CWE-119 vulnerability (improper restriction of operations within the bounds of a memory buffer) that could cause a denial of service when parsing URLs. Affected Schneider Electric devices include the X80 advanced RTU Communication Module BMENOR2200H (V1.0) and the OPC U...
Siemens PADS Standard/Plus Viewer
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: PADS Standard/Plus Viewer Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitations of...
Siemens EN100 Ethernet Module
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Siemens EN100 Ethernet Module Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2022-30937)
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...