U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:siemens:sinema_remote_connect_server:1.0:sp3_hf1:*:*:*:*:*:*
  • CPE Name Search: true
There are 52 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Published: February 15, 2022; 8:15:07 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-23102

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.

Published: February 09, 2022; 11:15:15 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Published: January 26, 2022; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Published: January 23, 2022; 9:15:06 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:57 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:57 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Published: January 05, 2022; 11:15:07 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Published: January 01, 2022; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Published: September 16, 2021; 11:15:07 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-37193

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).

Published: September 14, 2021; 7:15:26 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW
CVE-2021-37192

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

Published: September 14, 2021; 7:15:26 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW
CVE-2021-37191

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

Published: September 14, 2021; 7:15:26 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW
CVE-2021-37190

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

Published: September 14, 2021; 7:15:25 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW
CVE-2021-37183

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.

Published: September 14, 2021; 7:15:25 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 3.3 LOW
CVE-2021-37177

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

Published: September 14, 2021; 7:15:25 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 3.3 LOW
CVE-2021-22925

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

Published: August 05, 2021; 5:15:11 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM