📦 Sinec Infrastructure Network Services

CVE-2021-22930 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to execute arbitrary code or crash the Node.js process. This affects a...

Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers can inject malicious hostnames leading to domain hij...

CVE-2021-20093 is a buffer over-read vulnerability in Wibu-Systems CodeMeter that allows unauthenticated remote attackers to read heap memory contents or cause denial of service. This affects CodeMete...

This vulnerability in the npm tar package allows attackers to bypass symlink checks by exploiting Unicode normalization and Windows short path behavior. It enables arbitrary file creation/overwrite an...

This vulnerability in @npmcli/arborist allows attackers to write arbitrary files to any location on case-insensitive filesystems by exploiting case-sensitivity conflicts in dependency names. Anyone us...

This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination. Exploitation can lead to denial of service or me...

CVE-2021-22940 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to potentially execute arbitrary code or crash the Node.js process. Th...

This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...

The npm tar package before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary file creation/overwrite vulnerability due to insufficient sanitization of absolute paths. Attackers can create or o...

This vulnerability allows local attackers on Windows systems to escalate privileges through PATH and DLL hijacking attacks. It affects Node.js installations where improper directory permissions enable...

CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the client. This affects curl clients using OpenSSL wit...

This vulnerability in BIND DNS servers allows remote attackers to cause denial of service by sending specially crafted DNS queries that trigger an assertion failure, causing the named process to termi...

Node.js servers are vulnerable to denial of service attacks when attackers establish numerous connections with unknown protocols, causing file descriptor leaks. This can exhaust system resources, prev...