Vulnerabilities > Siemens > Sinec Infrastructure Network Services

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5
2021-04-01 CVE-2021-22890 Authentication Bypass by Spoofing vulnerability in multiple products
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets.
3.7
2021-04-01 CVE-2021-22876 Information Exposure vulnerability in multiple products
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header.
5.3
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-23 CVE-2021-23362 The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js.
network
low complexity
npmjs siemens
5.3
2021-03-12 CVE-2021-27290 ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. 4.3
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
2021-03-03 CVE-2021-22883 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established.
network
low complexity
nodejs fedoraproject netapp oracle siemens CWE-772
7.5
2021-02-17 CVE-2020-8625 Classic Buffer Overflow vulnerability in multiple products
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
network
high complexity
isc debian fedoraproject siemens netapp CWE-120
8.1
2021-01-06 CVE-2020-8287 HTTP Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject oracle siemens CWE-444
6.5