EUVD-2021-18760

Malware in sbrugna...

CLSA-2025-1757947715 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...

CLSA-2025-1757944976 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...

CLSA-2025-1757944902 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...

CVE-2021-31887

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

Malicious code in dna-mbc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4919122f5b393650aa18a1db8740d7a79cfa480059256e2c386c52ab0a1c8405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1115 Malicious code in dna-mbc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4919122f5b393650aa18a1db8740d7a79cfa480059256e2c386c52ab0a1c8405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV-2022-1142 Heap-buffer-overflow in onigenc_unicode_mbc_case_fold

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53030 Crash type: Heap-buffer-overflow READ 1 Crash state: onigencunicodembccasefold mbccasefold stringcmpic...

PT-2022-36747 · Git +1 · Oniguruma

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions gbNUMBER mbc enc len, onigenc mbn mbc to code, and gbNUMBER mbc t...

PT-2022-36680 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which was identified through an OSS-Fuzz report. The crash state involves several functions, includi...

CVE-2022-38371

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...

CVE-2022-38371

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...

CVE-2021-31888

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

CVE-2021-31890

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of an TCP...

CVE-2021-31882

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. The DHCP client application does not validate the length of the Domain Name Server IP options 0x06 when processing DHCP ACK packets. This may lead to...

Design/Logic Flaw

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

CVE-2021-31888

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

CVE-2021-31884

CVE-2021-31884 affects Siemens Nucleus/APOGEE/TALON family (MBC/MEC/PXC/Nucleus) with a DHCP client hostname option handling flaw. The DHCP hostname data is not guaranteed to be NULL-terminated, which can cause out-of-bounds reads/writes and Denial-of-Service. The available connected sources conf...

CVE-2021-31883

CVE-2021-31883 affects Siemens APOGEE MBC / TALON products (Nucleus RTOS) including APOGEE MBC (PPC/BACnet), APOGEE MEC, APOGEE PXC Compact/Modular, Desigo PXC variants, and Capital VSTAR with Ethernet options. Root cause: DHCP client processing fails to validate the length of Vendor option(s) in...

CVE-2021-31881

CVE-2021-31881 involves APOGEE MBC/TALON/Desigo PXC software family (Siemens Nucleus RTOS, BACnet/PPC) where the DHCP client fails to validate the Vendor option length when processing DHCP OFFER, leading to Denial-of-Service. Multiple Tenable OT/Nessus entries corroborate this family of DHCP leng...