Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinec_infrastructure_network_services
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 68 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-16 | CVE-2021-22931 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. | Active_iq_unified_manager, Nextgen_api, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Graalvm, Mysql_cluster, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services | 9.8 | ||
| 2021-08-16 | CVE-2021-22939 | If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | Debian_linux, Nextgen_api, Node\.js, Graalvm, Jd_edwards_enterpriseone_tools, Mysql_cluster, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services | 5.3 | ||
| 2021-08-16 | CVE-2021-22940 | Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | Debian_linux, Nextgen_api, Node\.js, Graalvm, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services | 7.5 | ||
| 2021-08-24 | CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the... | Debian_linux, Epolicy_orchestrator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Santricity_smi\-S_provider, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_console, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Nessus_network_monitor, Tenable\.sc | 7.4 | ||
| 2021-08-31 | CVE-2021-37701 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when... | Debian_linux, Tar, Graalvm, Sinec_infrastructure_network_services | 8.6 | ||
| 2021-08-31 | CVE-2021-37712 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when... | Debian_linux, Tar, Graalvm, Sinec_infrastructure_network_services | 8.6 | ||
| 2021-08-31 | CVE-2021-37713 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction... | Tar, Graalvm, Sinec_infrastructure_network_services | 8.6 | ||
| 2021-08-31 | CVE-2021-39134 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting... | Arborist, Graalvm, Sinec_infrastructure_network_services | 7.8 | ||
| 2021-08-31 | CVE-2021-39135 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a... | Arborist, Graalvm, Sinec_infrastructure_network_services | 7.8 | ||
| 2021-09-29 | CVE-2021-22947 | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake... | Macos, Debian_linux, Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware, Commerce_guided_search, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder | 5.9 |