Vulnerabilities > Siemens > Sinec INS > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2022-0155 Privacy Violation vulnerability in multiple products
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
network
low complexity
follow-redirects-project siemens CWE-359
6.5
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
5.9
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
6.5
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.0
2020-12-11 CVE-2020-7793 The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
network
low complexity
ua-parser-js-project siemens
5.0
2020-11-06 CVE-2020-28168 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
network
high complexity
axios siemens CWE-918
5.9