Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Filtered by product Sinec Ins
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32213 6 Debian, Fedoraproject, Llhttp and 3 more 6 Debian Linux, Fedora, Llhttp and 3 more 2024-02-28 N/A 6.5 MEDIUM
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVE-2022-32215 6 Debian, Fedoraproject, Llhttp and 3 more 6 Debian Linux, Fedora, Llhttp and 3 more 2024-02-28 N/A 6.5 MEDIUM
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
CVE-2022-32212 4 Debian, Fedoraproject, Nodejs and 1 more 4 Debian Linux, Fedora, Node.js and 1 more 2024-02-28 N/A 8.1 HIGH
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
CVE-2022-2068 6 Broadcom, Debian, Fedoraproject and 3 more 43 Sannav, Debian Linux, Fedora and 40 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVE-2022-0396 4 Fedoraproject, Isc, Netapp and 1 more 19 Fedora, Bind, H300e and 16 more 2024-02-28 4.3 MEDIUM 5.3 MEDIUM
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVE-2021-25220 5 Fedoraproject, Isc, Juniper and 2 more 48 Fedora, Bind, Junos and 45 more 2024-02-28 4.0 MEDIUM 6.8 MEDIUM
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
CVE-2022-0235 3 Debian, Node-fetch Project, Siemens 3 Debian Linux, Node-fetch, Sinec Ins 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0155 2 Follow-redirects Project, Siemens 2 Follow-redirects, Sinec Ins 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2021-3749 3 Axios, Oracle, Siemens 3 Axios, Goldengate, Sinec Ins 2024-02-28 7.8 HIGH 7.5 HIGH
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-25217 5 Debian, Fedoraproject, Isc and 2 more 26 Debian Linux, Fedora, Dhcp and 23 more 2024-02-28 3.3 LOW 7.4 HIGH
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
CVE-2020-28168 2 Axios, Siemens 2 Axios, Sinec Ins 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
CVE-2021-23337 4 Lodash, Netapp, Oracle and 1 more 23 Lodash, Active Iq Unified Manager, Cloud Manager and 20 more 2024-02-28 6.5 MEDIUM 7.2 HIGH
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-7793 2 Siemens, Ua-parser-js Project 2 Sinec Ins, Ua-parser-js 2024-02-28 5.0 MEDIUM 7.5 HIGH
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVE-2020-28500 3 Lodash, Oracle, Siemens 19 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 16 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2020-12762 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.