Total
54 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25315 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | |||||
CVE-2022-32258 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | |||||
CVE-2022-32251 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. | |||||
CVE-2021-37193 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). | |||||
CVE-2022-22826 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2021-46143 | 4 Libexpat Project, Netapp, Siemens and 1 more | 8 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 5 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | |||||
CVE-2022-22827 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2021-37192 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. | |||||
CVE-2022-22824 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-23102 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. | |||||
CVE-2021-34798 | 8 Apache, Broadcom, Debian and 5 more | 18 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 15 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
CVE-2022-22822 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2021-37190 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. | |||||
CVE-2022-23990 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | |||||
CVE-2021-41991 | 4 Debian, Fedoraproject, Siemens and 1 more | 46 Debian Linux, Fedora, Cp 1543-1 and 43 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | |||||
CVE-2021-37183 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. | |||||
CVE-2022-22825 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2021-37191 | 1 Siemens | 1 Sinema Remote Connect Server | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. | |||||
CVE-2022-22823 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-23852 | 6 Debian, Libexpat Project, Netapp and 3 more | 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |