Siemens Sinec_infrastructure_network_services
68 CVEs affecting Siemens Sinec_infrastructure_network_services. Latest disclosed: 2021-11-23. Critical: 7, High: 36.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-27304 | Critical | 9.8 | 2021-10-21 | The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mec… |
| CVE-2021-22930 | Critical | 9.8 | 2021-10-07 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to chang… |
| CVE-2021-22931 | Critical | 9.8 | 2021-08-16 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names retu… |
| CVE-2020-11656 | Critical | 9.8 | 2020-04-09 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statemen… |
| CVE-2019-19646 | Critical | 9.8 | 2019-12-09 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. |
| CVE-2019-19317 | Critical | 9.8 | 2019-12-05 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of ser… |
| CVE-2021-20093 | Critical | 9.1 | 2021-06-16 | A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap… |
| CVE-2021-39135 | High | 8.2 | 2021-08-31 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guar… |
| CVE-2021-39134 | High | 8.2 | 2021-08-31 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to gu… |
| CVE-2021-37713 | High | 8.2 | 2021-08-31 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerabil… |
| CVE-2021-37712 | High | 8.2 | 2021-08-31 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerabil… |
| CVE-2021-37701 | High | 8.2 | 2021-08-31 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerabili… |
| CVE-2021-32804 | High | 8.2 | 2021-08-03 | The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient… |
| CVE-2021-32803 | High | 8.2 | 2021-08-03 | The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient sy… |
| CVE-2021-22901 | High | 8.1 | 2021-06-11 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over… |
| CVE-2021-25216 | High | 8.1 | 2021-04-29 | In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well a… |
| CVE-2020-8625 | High | 8.1 | 2021-02-17 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default s… |
| CVE-2020-8265 | High | 8.1 | 2021-01-06 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socke… |
| CVE-2021-22921 | High | 7.8 | 2021-07-12 | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specificall… |
| CVE-2020-8177 | High | 7.8 | 2020-12-14 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J… |