CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2022-31766
https://notcve.org/view.php?id=CVE-2022-31766
11 Oct 2022 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (Al... • https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 2CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
22 Jul 2021 — libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' whic... • https://github.com/Trinadh465/external_curl_AOSP10_r33_CVE-2021-22924 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 8.7EPSS: 1%CPEs: 157EXPL: 0CVE-2020-28400
https://notcve.org/view.php?id=CVE-2020-28400
13 Jul 2021 — Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado desencadenar una condición de denegación de servicio. La vulnerabilidad puede activarse si se envía una gran cantidad de paquetes de restablecimiento de DCP al dispositivo Affected devices con... • https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2021-25667
https://notcve.org/view.php?id=CVE-2021-25667
15 Mar 2021 — A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versi... • https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-25676
https://notcve.org/view.php?id=CVE-2021-25676
15 Mar 2021 — A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. Se ha identificado una vulnerabilidad en RUGGEDCOM RM1224 (versión V6.3), SCALANCE M-800 (versión V6.3), SCALANCE S615 (versión V6.3), SCALANCE SC-600 (Todas las versiones posteriore... • https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts •