Vulnerabilities > Siemens > Sinec Infrastructure Network Services > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-03 CVE-2021-32804 The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization.
network
low complexity
tar-project oracle siemens
8.1
2021-07-12 CVE-2021-22921 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.
local
low complexity
nodejs siemens CWE-732
7.8
2021-06-11 CVE-2021-22901 Use After Free vulnerability in multiple products
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.
network
high complexity
haxx oracle netapp siemens splunk CWE-416
8.1
2021-04-29 CVE-2021-25215 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check.
7.5
2021-03-12 CVE-2021-27290 ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service.
network
low complexity
ssri-project oracle siemens
7.5
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
2021-03-03 CVE-2021-22883 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established.
network
low complexity
nodejs fedoraproject netapp oracle siemens CWE-772
7.5
2021-02-17 CVE-2020-8625 Classic Buffer Overflow vulnerability in multiple products
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
network
high complexity
isc debian fedoraproject siemens netapp CWE-120
8.1
2021-01-06 CVE-2020-8265 Use After Free vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation.
network
high complexity
nodejs debian fedoraproject oracle siemens CWE-416
8.1
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5