Vulnerabilities > Siemens > Sinec INS > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-46889 Use of Hard-coded Cryptographic Key vulnerability in Siemens Sinec INS 1.0
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
siemens CWE-321
5.3
2022-12-05 CVE-2022-35256 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF.
network
low complexity
nodejs llhttp siemens debian CWE-444
6.5
2022-07-14 CVE-2022-32213 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
6.5
2022-07-14 CVE-2022-32215 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers.
6.5
2022-07-14 CVE-2022-32222 Uncontrolled Search Path Element vulnerability in multiple products
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
network
low complexity
nodejs siemens CWE-427
5.3
2022-07-05 CVE-2022-2097 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances.
5.3
2022-03-23 CVE-2021-25220 HTTP Request Smuggling vulnerability in multiple products
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
network
low complexity
isc fedoraproject netapp siemens juniper CWE-444
6.8
2022-03-23 CVE-2022-0396 Improper Resource Shutdown or Release vulnerability in multiple products
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
network
low complexity
isc fedoraproject netapp siemens CWE-404
5.3
2022-01-28 CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure.
network
high complexity
openssl debian oracle siemens
5.9
2022-01-16 CVE-2022-0235 Information Exposure vulnerability in multiple products
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
node-fetch-project siemens debian CWE-200
6.1