CVE-2023-30285
An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser...
CVE-2023-30285
Summary: CVE-2023-30285 affects Deviniti Issue Sync Synchronization for Jira (version 3.5.2). The issue allows an attacker to obtain a user’s login credentials by sending a crafted request to the vulnerable API endpoint "/rest/synchronizer/1.0/technicalUser". The available documents consistently ...
CVE-2023-2734
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
WordPress Plugin MStore API Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Briar Resource Management Error Vulnerability
Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.4.22...
The vulnerability of the ksmbd module in Linux operating systems allows attackers to compromise the integrity, availability, and confidentiality of protected information, and execute arbitrary code.
The vulnerability of the ksmbd module in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to compromise the integrity, availability, and confidentiality of protected information, and to execute arbitra...
The vulnerability of the firmware of the D-Link DCS-825L network camera allows an intruder to trigger a service failure.
The vulnerability of the firmware of the D-Link DCS-825L network camera relates to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending a large number of specially crafted network packets SYN...
The vulnerability of the rcu_barrier() function in the ksmbd module of Linux operating systems allows a hacker to elevate their privileges and execute arbitrary code.
The vulnerability of the rcu_barrier() function in the ksmbd module of Linux kernels is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to elevate their privileges and execute arbitrary code...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to execute arbitrary code.
The vulnerability of the ksmbd module in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the SMB2_QUERY_INFO and SMB2_LOGOFF commands...
SUSE CVE-2023-32257
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...
FreeBSD : curl -- multiple vulnerabilities (a4f8bb03-f52f-11ed-9859-080027083a05)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a4f8bb03-f52f-11ed-9859-080027083a05 advisory. - The vulnerability exists due to a use-after-free error when checking the SSH sha256...
The vulnerability of the rxrpc_unbundle_conn() function in Linux operating systems allows a hacker to elevate their privileges.
The vulnerability of the rxrpc_unbundle_conn() function in Linux operating systems is related to synchronization errors when using shared resources during packet processing. Exploiting this vulnerability can allow an attacker to elevate their privileges...
kernel: tcp: tcp_rtx_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context. Laurent reported the enclosed report [1]. This bug triggers with following conditions: 0) Kernel built with CONFIG_DEBUG_PREEMPT=y 1) A new passive FastOpen TCP socket is created. This...
The vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) on the Windows operating system allows a perpetrator to execute arbitrary code.
The vulnerability of the Lightweight Directory Access Protocol (LDAP) implementation in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the function dvb_frontend_test_event() in the driver drivers/media/dvb-core/dvb_frontend.c of the Linux operating system’s DVB kernel allows a hacker to cause a service failure.
The vulnerability of the function dvb_frontend_test_event() in the driver drivers/media/dvb-core/dvb_frontend.c of the Linux operating system’s DVB kernel is related to incorrect use of synchronization mechanisms. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Secure Socket Tunneling Protocol (SSTP) implementation in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Secure Socket Tunneling Protocol (SSTP) implementation in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Graphics component in Windows operating systems allows attackers to elevate their privileges.
The vulnerability of the Graphics component in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to elevate their privileges...
Race condition vulnerability in positionManager minting function
Lines of code / Vulnerability details / Impact: A race condition vulnerability can result in the issuance of duplicate token IDs. When multiple transactions are executed in quick succession attempting to mint tokens, they may end up being assigned the same ID due to a shared counter or variable used to...
The vulnerability of the OLE technology in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the OLE technology in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
IBM QRadar Data Synchronization App Encryption Issue Vulnerability
IBM QRadar Data Synchronization App is a data resiliency solution from IBM USA. An encryption issue vulnerability exists in IBM QRadar Data Synchronization App versions 1.0 through 3.0.1, which stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the...