ReportizFlow
Filtered by vendor Siemens
Subscriptions
Total
2134 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43400 | 1 Siemens | 1 Siveillance Video Mobile Server | 2025-05-07 | 9.8 Critical |
| A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | ||||
| CVE-2017-5715 | 8 Arm, Canonical, Debian and 5 more | 230 Cortex-a, Ubuntu Linux, Debian Linux and 227 more | 2025-05-06 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2022-32206 | 7 Debian, Fedoraproject, Haxx and 4 more | 35 Debian Linux, Fedora, Curl and 32 more | 2025-05-05 | 6.5 Medium |
| curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | ||||
| CVE-2022-32205 | 7 Apple, Debian, Fedoraproject and 4 more | 29 Macos, Debian Linux, Fedora and 26 more | 2025-05-05 | 4.3 Medium |
| A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. | ||||
| CVE-2022-25315 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 12 Debian Linux, Fedora, Libexpat and 9 more | 2025-05-05 | 9.8 Critical |
| In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | ||||
| CVE-2022-25314 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 8 Debian Linux, Fedora, Libexpat and 5 more | 2025-05-05 | 7.5 High |
| In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | ||||
| CVE-2022-25236 | 5 Debian, Libexpat Project, Oracle and 2 more | 11 Debian Linux, Libexpat, Http Server and 8 more | 2025-05-05 | 9.8 Critical |
| xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | ||||
| CVE-2022-25235 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 12 Debian Linux, Fedora, Libexpat and 9 more | 2025-05-05 | 9.8 Critical |
| xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | ||||
| CVE-2022-23990 | 7 Debian, Fedoraproject, Libexpat Project and 4 more | 8 Debian Linux, Fedora, Libexpat and 5 more | 2025-05-05 | 7.5 High |
| Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | ||||
| CVE-2022-23852 | 7 Debian, Libexpat Project, Netapp and 4 more | 10 Debian Linux, Libexpat, Clustered Data Ontap and 7 more | 2025-05-05 | 9.8 Critical |
| Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | ||||
| CVE-2022-22827 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 8.8 High |
| storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2022-22826 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 8.8 High |
| nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2022-22825 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 8.8 High |
| lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2022-22824 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 9.8 Critical |
| defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2022-22823 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 9.8 Critical |
| build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2022-22822 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 9.8 Critical |
| addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2021-46143 | 5 Libexpat Project, Netapp, Redhat and 2 more | 10 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 7 more | 2025-05-05 | 8.1 High |
| In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | ||||
| CVE-2021-45960 | 6 Debian, Libexpat Project, Netapp and 3 more | 10 Debian Linux, Libexpat, Active Iq Unified Manager and 7 more | 2025-05-05 | 8.8 High |
| In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | ||||
| CVE-2021-39275 | 7 Apache, Debian, Fedoraproject and 4 more | 14 Http Server, Debian Linux, Fedora and 11 more | 2025-05-01 | 9.8 Critical |
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||||
| CVE-2022-35256 | 5 Debian, Llhttp, Nodejs and 2 more | 7 Debian Linux, Llhttp, Node.js and 4 more | 2025-05-01 | 6.5 Medium |
| The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | ||||