Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Filtered by product Ruggedcom Rox Ii Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5391 7 Canonical, Debian, F5 and 4 more 73 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 70 more 2024-11-21 7.8 HIGH 7.5 HIGH
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVE-2018-5381 4 Canonical, Debian, Quagga and 1 more 5 Ubuntu Linux, Debian Linux, Quagga and 2 more 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
CVE-2018-5380 4 Canonical, Debian, Quagga and 1 more 5 Ubuntu Linux, Debian Linux, Quagga and 2 more 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
CVE-2018-5379 5 Canonical, Debian, Quagga and 2 more 10 Ubuntu Linux, Debian Linux, Quagga and 7 more 2024-11-21 7.5 HIGH 7.5 HIGH
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
CVE-2015-5537 1 Siemens 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System 2024-11-21 4.3 MEDIUM N/A
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.