Sinec infrastructure network services

This hub aggregates every CVE we track for Sinec infrastructure network services, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sinec infrastructure network services.

• CVE-2021-3672A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to ...5.6Nov 23, 2021
• CVE-2021-25219Lame cache can be abused to severely degrade resolver performance5.3Oct 27, 2021
• CVE-2020-27304The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request...9.8Oct 21, 2021
• CVE-2021-22930Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.9.8Oct 7, 2021
• CVE-2021-22947When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that...5.9Sep 29, 2021
• CVE-2021-22946A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUS...7.5Sep 29, 2021
• CVE-2021-39135UNIX Symbolic Link (Symlink) Following in @npmcli/arborist8.2Aug 31, 2021
• CVE-2021-39134UNIX Symbolic Link (Symlink) Following in @npmcli/arborist8.2Aug 31, 2021
• CVE-2021-37713Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization8.2Aug 31, 2021
• CVE-2021-37712Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2Aug 31, 2021
• CVE-2021-37701Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2Aug 31, 2021
• CVE-2021-3712Read buffer overruns processing ASN.1 strings7.4Aug 24, 2021
• CVE-2021-22931Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js...9.8Aug 16, 2021
• CVE-2021-22940Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.7.5Aug 16, 2021
• CVE-2021-22939If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate woul...5.3Aug 16, 2021