Sinec INS

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-23	CVE-2021-25220	HTTP Request Smuggling vulnerability in multiple products BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. network low complexity isc fedoraproject netapp siemens juniper CWE-444	6.8
2022-03-23	CVE-2022-0396	Improper Resource Shutdown or Release vulnerability in multiple products BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. network low complexity isc fedoraproject netapp siemens CWE-404	5.3
2022-01-28	CVE-2021-4160	There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. network high complexity openssl debian oracle siemens	5.9
2022-01-16	CVE-2022-0235	Information Exposure vulnerability in multiple products node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor network low complexity node-fetch-project siemens debian CWE-200	6.1
2022-01-10	CVE-2022-0155	Privacy Violation vulnerability in multiple products follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor network low complexity follow-redirects-project siemens CWE-359	6.5
2021-09-23	CVE-2021-22945	Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. network low complexity haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415 critical	9.1
2021-08-31	CVE-2021-3749	axios is vulnerable to Inefficient Regular Expression Complexity network low complexity axios siemens oracle	7.5
2021-05-26	CVE-2021-25217	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. low complexity isc fedoraproject debian siemens netapp CWE-119	7.4
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9
2021-02-16	CVE-2021-23839	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. network high complexity openssl oracle siemens CWE-327	3.7