3907 matches found

BDU FSTEC
added 2023/05/10 12:0 a.m. · 2 views

The vulnerability of the L2ALM component in Juniper Networks’ Junos OS-based QFX router series allows a hacker to induce a service failure.

The vulnerability of the L2ALM (Layer 2 Address Learning Manager) component in Juniper Networks’ Junos OS-based QFX series routers stems from the use of memory after it is freed due to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to...

CVSS 5.3 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 4 · Affected Software 1

RedHat Linux
added 2023/05/09 10:4 a.m. · 4 views

kernel: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel’s Bluetooth subsystem there is a flaw in the way Bluetooth HCI work items are queued. Under certain conditions, work associated with command timeouts (hdev->{cmd,ncmd}_timer) could be scheduled on the wrong workqueue while the intended workqueue is being drained. This occurs because...

AI score 5.8 · EPSS 0.00198
Exploits 0 · References 5

RedHat Linux
added 2023/05/09 10:4 a.m. · 5 views

kernel: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted

A flaw was found in the jbd2 module in the Linux kernel. An assertion failure can be triggered when a specific sequence of transactions and operations is performed due to incorrect synchronization, potentially resulting in a denial of service...

CVSS 5.5 · AI score 6.5 · EPSS 0.00156
Exploits 0 · References 5

Positive Technologies
added 2023/05/09 12:0 a.m. · 2 views

PT-2023-2709 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol (LDAP), affected versions not specified. Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Lightweight Directory Access Protocol...

CVSS 8.1 · AI score 9.6 · EPSS 0.00973
Exploits 0 · References 10

Positive Technologies
added 2023/05/09 12:0 a.m. · 2 views

PT-2023-2694 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows Secure Socket Tunneling Protocol (SSTP), affected versions not specified. Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Secure Socket Tunneling Protocol (SSTP) in th...

CVSS 8.1 · AI score 9.5 · EPSS 0.00924
Exploits 0 · References 7

Positive Technologies
added 2023/05/09 12:0 a.m. · 5 views

PT-2023-2626 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows, affected versions not specified. Description: The issue is related to errors in synchronization when using a shared resource in the Windows OLE technology, which can be exploited by a remote attacker to execute arbitrary code. This...

CVSS 8.1 · AI score 9.5 · EPSS 0.84386
Exploits 0 · References 12

Positive Technologies
added 2023/05/09 12:0 a.m. · 2 views

PT-2023-2691 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component, affected versions not specified. Description: The issue is related to synchronization errors when using a shared resource in the Windows Graphics Component. This can allow an attacker to elevate their privileges. The...

CVSS 7 · AI score 9.2 · EPSS 0.00339
Exploits 0 · References 6

NVD
added 2023/05/08 6:15 p.m. · 11 views

CVE-2023-30844

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

CVSS 8.8 · AI score 5.5 · EPSS 0.0074
Exploits 0 · References 3

Prion
added 2023/05/08 6:15 p.m. · 24 views

Design/Logic Flaw

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

CVSS 6.5 · AI score 8.9 · EPSS 0.02198
Exploits 0 · References 3 · Affected Software 2

CVE
added 2023/05/08 5:54 p.m. · 62 views

CVE-2023-30844

Mutagen (mutagen and mutagen-compose) before versions 0.16.6/0.17.1 are vulnerable: list and monitor commands can accept control characters from remote endpoints, risking terminal corruption and potential exploitation when syncing with untrusted endpoints or paths. The issue is caused by unneutra...

CVSS 8.8 · AI score 6.5 · EPSS 0.0074
Exploits 0 · References 3 · Affected Software 2

OSV
added 2023/05/08 5:54 p.m. · 17 views

CVE-2023-30844 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

CVSS 3 · AI score 9 · EPSS 0.0074
Exploits 0 · References 5

NVD
added 2023/05/06 2:15 a.m. · 18 views

CVE-2022-22313

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

CVSS 7.5 · AI score 5.8 · EPSS 0.00436
Exploits 0 · References 2

OSV
added 2023/05/06 2:15 a.m. · 1 views

CVE-2022-22313

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

CVSS 7.5 · AI score 5.8 · EPSS 0.00436
Exploits 0 · References 2

Cvelist
added 2023/05/06 1:38 a.m. · 20 views

CVE-2022-22313 IBM QRadar Data Synchronization App information disclosure

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

CVSS 4.4 · AI score 7.3 · EPSS 0.00436
Exploits 0 · References 2

CVE
added 2023/05/06 1:38 a.m. · 79 views

CVE-2022-22313

CVE-2022-22313 affects IBM QRadar Data Synchronization App (versions 1.0–3.0.1). The issue is the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s security bulletin and multiple feeds confirm the root cause as encry...

CVSS 7.5 · AI score 5.7 · EPSS 0.00436
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/05/06 12:0 a.m. · 2 views

IBM QRadar Data Synchronization App encryption issue vulnerability

IBM QRadar Data Synchronization App is a data resiliency solution from IBM USA. An encryption issue vulnerability exists in IBM QRadar Data Synchronization App versions 1.0 through 3.0.1, which stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00436
Exploits 0 · References 3

Positive Technologies
added 2023/05/06 12:0 a.m. · 2 views

PT-2023-12684 · IBM · IBM QRadar Data Synchronization App

Name of the Vulnerable Software and Affected Versions: IBM QRadar Data Synchronization App versions 1.0 through 3.0.1. Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...

CVSS 7.5 · AI score 7.2 · EPSS 0.00436
Exploits 0 · References 3

GitHub Security Blog
added 2023/05/05 2:25 a.m. · 40 views

Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Impact: Mutagen command line operations, as well as the log output from mutagen daemon run, are susceptible to control characters that could be provided by remote endpoints. This can cause terminal corruption, either intentional or unintentional, if these characters are present in error messages,...

CVSS 8.8 · AI score 6.7 · EPSS 0.0074
Exploits 0 · References 5 · Affected Software 2

The Hacker News
added 2023/05/04 1:3 p.m. · 67 views

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticate...

CVSS 9.8 · AI score 10 · EPSS 0.99999
Exploits 24

BDU FSTEC
added 2023/05/04 12:0 a.m. · 4 views

The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems allows a hacker to execute arbitrary files.

The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to execute arbitrary files...

CVSS 6.5 · AI score 5.8 · EPSS 0.0021
Exploits 0 · References 4 · Affected Software 3