Siemens Sinec Infrastructure Network Services vulnerabilities

CVE-2021-3672 [MEDIUM] CWE-79 CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned by A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

CVE-2021-25219 [MEDIUM] CVE-2021-25219: In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9. In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.

CVE-2020-27304 [CRITICAL] CWE-23 CVE-2020-27304: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windo The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to direct

CVE-2021-22930 [CRITICAL] CWE-416 CVE-2021-22930: Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attack Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVE-2021-22946 [HIGH] CWE-325 CVE-2021-22946: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate re

CVE-2021-22947 [MEDIUM] CWE-310 CVE-2021-22947: When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *b

CVE-2021-37701 [HIGH] CWE-22 CVE-2021-37701: The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlink

CVE-2021-39135 [HIGH] CWE-61 CVE-2021-39135: `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents

CVE-2021-37712 [HIGH] CWE-22 CVE-2021-37712: The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symli

CVE-2021-37713 [HIGH] CWE-22 CVE-2021-37713: The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of e

CVE-2021-39134 [HIGH] CWE-61 CVE-2021-39134: `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` fold `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving depend

CVE-2021-3712 [HIGH] CWE-125 CVE-2021-3712: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that

CVE-2021-22931 [CRITICAL] CWE-170 CVE-2021-22931: Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

CVE-2021-22940 [HIGH] CWE-416 CVE-2021-22940: Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attack Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVE-2021-22939 [MEDIUM] CWE-295 CVE-2021-22939: If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthori If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

CVE-2021-22926 [HIGH] CWE-840 CVE-2021-22926: libcurl-using applications can ask for a specific client certificate to be used in a transfer. This libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same opt

CVE-2021-22925 [MEDIUM] CWE-200 CVE-2021-22925: curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revea

CVE-2021-22923 [MEDIUM] CWE-319 CVE-2021-22923: When curl is instructed to get content using the metalink feature, and a user name and password are When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and witho

CVE-2021-22922 [MEDIUM] CWE-840 CVE-2021-22922: When curl is instructed to download content using the metalink feature, thecontents is verified agai When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several o

CVE-2021-22924 [LOW] CWE-20 CVE-2021-22924: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or c