CVE-2018-11529

View CSAF Summary ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 and below. An update is available that resolves a privately reported outdated 3rd party component with vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploited any of these vulnerabilities in the 3rd party component could potentially compromise the system in different ways. The following versions of ABB Ability Camera Connect are affected: Ability Camera Connect vers:intdot/<=1.5.0.14, 1.5.0.15 CVSS Vendor Equipment Vulnerabilities v3 9.8 ABB ABB Ability Camera Connect Heap-based Buffer Overflow, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Uncontrolled Search Path Element, Integer Overflow or Wraparound, Off-by-one Error, Out-of-bounds Read, Double Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free Background Critical Infrastructure Sectors: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2024-46461 VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. View CVE Details Affected Products ABB Ability Camera Connect Vendor:ABB Product Version:ABB Ability Camera Connect <=1.5.0.14 Product Status:fixed, known_affected Remediations MitigationThe VLC-based component operates solely within completely isolated environments without internet access or any connectivity to external...