Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-10	CVE-2022-0155	Privacy Violation vulnerability in multiple products follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor network low complexity follow-redirects-project siemens CWE-359	6.5
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9
2021-02-15	CVE-2021-23337	Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. network low complexity lodash oracle netapp siemens CWE-94	6.5
2021-02-15	CVE-2020-28500	Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. network low complexity lodash oracle siemens	5.0
2020-12-11	CVE-2020-7793	The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). network low complexity ua-parser-js-project siemens	5.0
2020-11-06	CVE-2020-28168	Server-Side Request Forgery (SSRF) vulnerability in multiple products Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. network high complexity axios siemens CWE-918	5.9