Siplus S7 1500 CPU 1518 4 Pn\/dp Mfp Firmware
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4911 | Hig | 0.71 | 7.8 | 0.81 | KEV | Oct 3, 2023 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID… | |
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2026-31431 | Hig | 0.59 | 7.8 | 0.97 | KEV | Apr 22, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the… | |
| CVE-2025-40943 | 0.00 | — | 0.00 | Mar 10, 2026 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file… | |||
| CVE-2023-46156 | 0.00 | — | 0.01 | Dec 12, 2023 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. | |||
| CVE-2023-28831 | 0.00 | — | 0.01 | Sep 12, 2023 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of… | |||
| CVE-2022-38773 | 0.00 | — | 0.00 | Jan 10, 2023 | Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and… | |||
| CVE-2021-44693 | 0.00 | — | 0.01 | Dec 13, 2022 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||
| CVE-2021-44695 | 0.00 | — | 0.01 | Dec 13, 2022 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||
| CVE-2021-44694 | 0.00 | — | 0.01 | Dec 13, 2022 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||
| CVE-2021-40365 | 0.00 | — | 0.01 | Dec 13, 2022 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||
| CVE-2022-30694 | 0.00 | — | 0.00 | Nov 8, 2022 | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. |
- risk 0.71cvss 7.8epss 0.81
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID…
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- risk 0.59cvss 7.8epss 0.97
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…
- CVE-2025-40943Mar 10, 2026risk 0.00cvss —epss 0.00
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file…
- CVE-2023-46156Dec 12, 2023risk 0.00cvss —epss 0.01
Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
- CVE-2023-28831Sep 12, 2023risk 0.00cvss —epss 0.01
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of…
- CVE-2022-38773Jan 10, 2023risk 0.00cvss —epss 0.00
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and…
- CVE-2021-44693Dec 13, 2022risk 0.00cvss —epss 0.01
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
- CVE-2021-44695Dec 13, 2022risk 0.00cvss —epss 0.01
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
- CVE-2021-44694Dec 13, 2022risk 0.00cvss —epss 0.01
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
- CVE-2021-40365Dec 13, 2022risk 0.00cvss —epss 0.01
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
- CVE-2022-30694Nov 8, 2022risk 0.00cvss —epss 0.00
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.