Sinec Ins Security Vulnerabilities and Issues — Sinec Ins CVE List

Lucene search

SiemensSinec Ins

13 matches found

CVE•added 2022/06/21 3:15 p.m.•1165 views

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there ...

10CVSS9.2AI score0.51025EPSS

CVE•added 2022/03/23 1:15 p.m.•747 views

CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not...

6.8CVSS7AI score0.00091EPSS

CVE•added 2022/07/05 11:15 a.m.•451 views

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, ...

5.3CVSS7.6AI score0.00198EPSS

CVE•added 2022/01/16 5:15 p.m.•401 views

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

8.8CVSS7.7AI score0.00512EPSS

CVE•added 2022/12/05 10:15 p.m.•378 views

CVE-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

6.5CVSS7.9AI score0.04594EPSS

CVE•added 2022/03/23 11:15 a.m.•317 views

CVE-2022-0396

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the co...

5.3CVSS5.9AI score0.00011EPSS

CVE•added 2022/07/14 3:15 p.m.•286 views

CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0,

8.1CVSS8.3AI score0.00082EPSS

CVE•added 2022/01/28 10:15 p.m.•254 views

CVE-2021-4160

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis su...

5.9CVSS6.2AI score0.23867EPSS

CVE•added 2022/12/05 10:15 p.m.•252 views

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it...

9.1CVSS8.9AI score0.01258EPSS

CVE•added 2022/07/14 3:15 p.m.•227 views

CVE-2022-32215

The llhttp parser <v14.20.1, <v16.17.1 and

6.5CVSS7.1AI score0.88045EPSS

CVE•added 2022/07/14 3:15 p.m.•220 views

CVE-2022-32213

The llhttp parser <v14.20.1, <v16.17.1 and

6.5CVSS7.2AI score0.89015EPSS

CVE•added 2022/01/10 8:15 p.m.•185 views

CVE-2022-0155

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

8CVSS6.8AI score0.00903EPSS

Web

CVE•added 2022/07/14 3:15 p.m.•125 views

CVE-2022-32222

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

5.3CVSS5.1AI score0.00488EPSS