Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinec_infrastructure_network_services
(Siemens)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 68 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-29 | CVE-2021-25215 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S,... | Debian_linux, Fedora, Bind, 500f_firmware, A250_firmware, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Tekelec_platform_distribution, Sinec_infrastructure_network_services | 7.5 | ||
2021-08-24 | CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the... | Debian_linux, Epolicy_orchestrator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Santricity_smi\-S_provider, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_console, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Nessus_network_monitor, Tenable\.sc | 7.4 | ||
2021-08-31 | CVE-2021-39134 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting... | Arborist, Graalvm, Sinec_infrastructure_network_services | 7.8 | ||
2021-08-31 | CVE-2021-39135 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a... | Arborist, Graalvm, Sinec_infrastructure_network_services | 7.8 | ||
2021-10-27 | CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may... | Debian_linux, Fedora, Bind, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Http_server, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services | 5.3 | ||
2021-03-23 | CVE-2021-23362 | The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | Hosted\-Git\-Info, Sinec_infrastructure_network_services | 5.3 | ||
2021-08-31 | CVE-2021-37712 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when... | Debian_linux, Tar, Graalvm, Sinec_infrastructure_network_services | 8.6 | ||
2021-08-31 | CVE-2021-37701 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when... | Debian_linux, Tar, Graalvm, Sinec_infrastructure_network_services | 8.6 | ||
2020-11-17 | CVE-2020-7774 | The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. | Graalvm, Sinec_infrastructure_network_services, Y18n | 9.8 | ||
2021-06-16 | CVE-2021-20093 | A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. | Pss_cape, Sicam_230_firmware, Simatic_information_server, Simatic_pcs_neo, Simatic_process_historian, Simatic_wincc_oa, Simit_simulation_platform, Sinec_infrastructure_network_services, Sinema_remote_connect_server, Codemeter | 9.1 |