Vulnerabilities > Siemens > Sinec Infrastructure Network Services > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-22930 Use After Free vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs netapp siemens debian CWE-416
critical
 9.8
9.8
2021-08-16 CVE-2021-22931 Improper Input Validation vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
network
low complexity
nodejs netapp oracle siemens CWE-20
critical
 9.8
9.8
2021-06-16 CVE-2021-20093 Out-of-bounds Read vulnerability in multiple products
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a.
network
low complexity
wibu siemens CWE-125
critical
 9.1
9.1
2020-11-17 CVE-2020-7774 The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
network
low complexity
y18n-project oracle siemens
critical
 9.8
9.8