Sinec INS

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-16	CVE-2022-0235	node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor network low complexity node-fetch-project siemens debian	6.1
2022-01-10	CVE-2022-0155	follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor network low complexity follow-redirects-project siemens	6.5
2021-09-23	CVE-2021-22945	Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. network low complexity haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415 critical	9.1
2021-08-31	CVE-2021-3749	axios is vulnerable to Inefficient Regular Expression Complexity network low complexity axios siemens oracle	7.5
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9
2021-02-16	CVE-2021-23839	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. network high complexity openssl oracle siemens CWE-327	3.7
2021-02-15	CVE-2021-23337	Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. network low complexity lodash oracle netapp siemens CWE-94	7.2
2021-02-15	CVE-2020-28500	Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. network low complexity lodash oracle siemens	5.3
2020-12-11	CVE-2020-7793	The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). network low complexity ua-parser-js-project siemens	7.5
2020-11-06	CVE-2020-28168	Server-Side Request Forgery (SSRF) vulnerability in multiple products Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. network high complexity axios siemens CWE-918	5.9