Siemens

Sinec Ins

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.59%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:32

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

Exploit
  • EPSS 1.73%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:57

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in ve...

Exploit
  • EPSS 68.8%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

Exploit
  • EPSS 35.08%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

  • EPSS 5.61%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making D...

  • EPSS 4.43%
  • Veröffentlicht 05.07.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 07:00:18

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't writte...

  • EPSS 95.76%
  • Veröffentlicht 21.06.2022 15:15:09
  • Zuletzt bearbeitet 03.11.2025 22:15:58

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022...

  • EPSS 3.25%
  • Veröffentlicht 23.03.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:54:34

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also be...

  • EPSS 2.62%
  • Veröffentlicht 23.03.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:32

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, eve...

  • EPSS 3.8%
  • Veröffentlicht 28.01.2022 22:15:15
  • Zuletzt bearbeitet 21.11.2024 06:37:02

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlik...