PT-2023-5241 · 1с · 1С-Битрикс

Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the landing module of the 1С-Битрикс site management system. Exploitation of this issue m...

Resetting RPC node password Timesout in HA

Under HA sync failed with error: "Unable to Authenticate with Primary, rpcnode password might have changed please reset it and try" When resetting it on Primary it times out...

OTP device test error "Failed to verify OTP from. Please ensure Citrix ADC is synced to NTP time"

OTP registered device test error "Failed to verify OTP. Please make sure Citrix ADC is synced to NTP time. "...

Advisory ROSA-SA-2023-2230

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...

ROS-20230905-01

A vulnerability in the Bluetooth permission verification subsystem of the Linux kernel is associated with errors in the processing of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by sending specially crafted requests...

ROS-20230905-02

Vulnerability in the ksmbd module of Linux kernel operating systems is related to synchronization errors when using a shared resource. synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code using the...

OESA-2023-1587 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connectio...

The vulnerability of the umask() function in the archive_write_disk.posix.c component of the Libarchive library, which allows an attacker to delete and rename files within directories.

The vulnerability of the umask function in the archivewritedisk.posix.c component of the Libarchive library arises due to synchronization errors when using a shared resource. Exploiting this vulnerability could allow an attacker to delete and rename files within these directories...

Propagation Error: "Server is not reachable. Configuration settings might be out of date"

When selecting propagate changes in the primary Storefront server, the propagation completes successfully however the following warning and error ispresent in the server details: Warning - "Propagated changes today at . Some servers were not synchronized." Error - "Server is not reachable...

UBUNTU-CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

SICK LMS5xx 资源管理错误漏洞

The SICK LMS5xx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK LMS5xx that originates from an attacker being able to send a large number of TCP SYN requests to the target LMS5xx, resulting in a Denial of Service DoS...

The vulnerability of the Content Synchronization plugin of the 389 Directory Server server allows a attacker to cause a service failure.

The vulnerability of the Content Synchronization plugin in the 389 Directory Server service is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failures through a specially crafted request...

Rockwell Automation ThinManager ThinServer Denial of Service Vulnerability

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A denial of service vulnerability exists in Rockwell Automation Thinmanager Thinserver, which can be exploit...

CVE-2023-2915

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can...

CVE-2023-2914

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user...

CVE-2023-2914 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user...

Rockwell Automation ThinManager 输入验证错误漏洞

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A denial of service vulnerability exists in Rockwell Automation Thinmanager Thinserver, which can be exploit...

The vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) on the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the LDAP protocol implementation on the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Projected File System component in the Windows operating system, which allows attackers to enhance their privileges

The vulnerability of the Projected File System component in the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

Smart commits are processed in Jira for repositories without smart commits when synced via git webhooks

h3. Issue Summary This is reproducible on Data Center: yes Explanation: This bug shows up only for integration using webhooks. Smar commits works correctly when data is being synced during hourly polling job. Environment requirements: Jira needs to be available for Git instance to let git webhook...