Vulnerabilities > Siemens > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-09 | CVE-2021-31889 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). | 9.1 |
| 2021-11-09 | CVE-2021-31890 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). | 9.1 |
| 2021-10-21 | CVE-2020-27304 | Path Traversal vulnerability in multiple products The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. | 9.8 |
| 2021-10-12 | CVE-2021-37726 | Classic Buffer Overflow vulnerability in multiple products A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. | 9.8 |
| 2021-10-12 | CVE-2021-33724 | Unspecified vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). | 9.1 |
| 2021-10-12 | CVE-2021-33725 | Unspecified vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). | 9.1 |
| 2021-10-07 | CVE-2021-22930 | Use After Free vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 9.8 |
| 2021-09-23 | CVE-2021-22945 | Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | 9.1 |
| 2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | 9.8 |
| 2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. | 9.0 |