Fedora: Security Advisory for ntp-refclock (FEDORA-2023-611a143d5f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: ntp-refclock-0.6-1.fc38

ntp-refclock is a wrapper for reference clock drivers included in the ntpd daemon, which enables other NTP implementations to use the supported hardware reference clocks for synchronization of the system clock. It provides a minimal environment for the drivers to be able to run in a separate...

[SECURITY] Fedora 37 Update: ntp-refclock-0.6-1.fc37

ntp-refclock is a wrapper for reference clock drivers included in the ntpd daemon, which enables other NTP implementations to use the supported hardware reference clocks for synchronization of the system clock. It provides a minimal environment for the drivers to be able to run in a separate...

Fedora: Security Advisory for ntp-refclock (FEDORA-2023-c0762a0e57)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-3180 · Microsoft · Windows Bus Filter Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Bus Filter Driver affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in the Windows Bus Filter driver of Windows operating systems. This can allow an attacker to...

PT-2023-7323 · Unknown +5 · Tang Server +5

Name of the Vulnerable Software and Affected Versions: Tang server affected versions not specified Description: A race condition exists in the Tang server functionality for key generation and key rotation, resulting in a small time window where Tang private keys become readable by other processes...

CVE-2022-46165

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVE-2022-46165

Syncthing (open source file sync) is vulnerable in versions prior to 1.23.5 due to a stored cross-site scripting (XSS) issue in the Web UI when sharing folders. An attacker could abuse shared folders to cause HTML/JavaScript in file names, and, if the user interacts with the UI (e.g., moves the m...

CVE-2022-46165

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

Mobatime 授权问题漏洞

Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in Mobatime AMXGT100 version 1.3.20 and prior versions that stems from improper authentication...

Mobatime 安全漏洞

Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in Mobatime AMXGT100 version 1.3.20 and earlier versions that stems from incorrect authorization...

PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'

Impact A "mismatch" type InventoryTransactionPacket is sent by the client to request a resync of all currently open inventories. Since PocketMine-MP does not rate-limit these "mismatch" transactions, and the syncing of inventories is not deferred until, e.g. the end of the current tick, they can ...

PT-2023-9803 · Draytek · Draytek Vigor Switches +3

Name of the Vulnerable Software and Affected Versions: Draytek Vigor Routers versions below 3.9.6/4.2.4 Draytek Vigor Access Points versions below v1.4.0 Draytek Vigor Switches versions below 2.6.7 Draytek Vigor Myvigor versions below 2.3.2 Description: The issue is related to the use of hardcode...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2023-30285

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser...

Information disclosure

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser...

CVE-2023-30285

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser...