Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
siemens sinec-nms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-32558
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an exp...
Nodejs Node.js
5.3
CVSSv3
CVE-2023-32003
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects ...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects a...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5.3
CVSSv3
CVE-2023-32005
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.stat...
Nodejs Node.js
NA
CVE-2024-31978
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated malicious user to download files f...
5.3
CVSSv3
CVE-2023-34035
Spring Security versions 5.8 before 5.8.5, 6.0 before 6.0.5, and 6.1 before 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (Dispatcher...
Vmware Spring Security
4 Github repositories
7.7
CVSSv3
CVE-2021-37200
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.
Siemens Sinec Network Management System
Siemens Sinec Network Management System 1.0
7.2
CVSSv3
CVE-2022-24282
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization...
Siemens Sinec Network Management System
7.5
CVSSv3
CVE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can...
Nodejs Node.js
7.2
CVSSv3
CVE-2021-33721
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges c...
Siemens Sinec Network Management System
Siemens Sinec Network Management System 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »