Vulnerabilities > Siemens > Sinec INS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-15 | CVE-2021-23337 | Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 |
| 2021-02-15 | CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | 5.3 |
| 2020-12-11 | CVE-2020-7793 | The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | 7.5 |
| 2020-11-06 | CVE-2020-28168 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. | 5.9 |
| 2020-05-09 | CVE-2020-12762 | Integer Overflow or Wraparound vulnerability in multiple products json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. | 7.8 |