Vulnerabilities > Siemens > Sinec INS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2022-45093 | Path Traversal vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). | 8.8 |
| 2023-01-10 | CVE-2022-45094 | Command Injection vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). | 8.8 |
| 2022-12-05 | CVE-2022-35255 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. | 9.1 |
| 2022-12-05 | CVE-2022-35256 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. | 6.5 |
| 2022-07-14 | CVE-2022-32212 | OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | 8.1 |
| 2022-07-14 | CVE-2022-32213 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | 6.5 |
| 2022-07-14 | CVE-2022-32215 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. | 6.5 |
| 2022-07-14 | CVE-2022-32222 | Uncontrolled Search Path Element vulnerability in multiple products A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | 5.3 |
| 2022-07-05 | CVE-2022-2097 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. | 5.3 |
| 2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |