Siemens Sinema Remote Connect Server vulnerabilities

CVE-2022-23852 [CRITICAL] CWE-190 CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2022-22823 [CRITICAL] CWE-190 CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22822 [CRITICAL] CWE-190 CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22824 [CRITICAL] CWE-190 CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22826 [HIGH] CWE-190 CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22825 [HIGH] CWE-190 CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22827 [HIGH] CWE-190 CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2021-46143 [HIGH] CWE-190 CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_gro In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

CVE-2021-45960 [HIGH] CWE-682 CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVE-2021-40438 [CRITICAL] CWE-918 CVE-2021-40438: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-34798 [HIGH] CWE-476 CVE-2021-34798: Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTT Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-37193 [MEDIUM] CWE-471 CVE-2021-37193: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An un A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).

CVE-2021-37183 [MEDIUM] CWE-284 CVE-2021-37183: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The a A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.

CVE-2021-37192 [MEDIUM] CWE-200 CVE-2021-37192: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The a A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

CVE-2021-37190 [MEDIUM] CWE-200 CVE-2021-37190: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The a A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

CVE-2021-37191 [MEDIUM] CWE-799 CVE-2021-37191: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An un A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

CVE-2021-37177 [MEDIUM] CWE-471 CVE-2021-37177: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The s A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

CVE-2021-22925 [MEDIUM] CWE-200 CVE-2021-22925: curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revea

CVE-2021-22924 [LOW] CWE-20 CVE-2021-22924: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or c

CVE-2021-20093 [CRITICAL] CWE-125 CVE-2021-20093: A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticat A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.