Vulnerability of the mstolfp() function (libntp/mstolfp.c) in the ntpq monitoring program, which implements a time synchronization protocol. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of the mstolfp function libntp/mstolfp.c in the ntpq monitoring program, which implements the NTP time synchronization protocol, is related to writing beyond the buffer boundaries within the cpcpdec loop. Exploiting this vulnerability could allow a remote attacker to execute...

Google Authenticator WILL get end-to-end encryption. Eventually.

Following criticism, Google has decided to bring end-to-end encryption E2EE to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication 2FA tokens to the cloud, but the lack of encryption caused some commentators to...

Siemens TIM 4R-IE Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2016-4954)

The processpacket function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service peer- variable modification by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...

The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems allows a malicious individual to perform unauthorized deletion of files or directories.

The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to perform unauthorized deletion of files...

The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems allows a hacker to trigger a service failure.

The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to cause service interruptions...

The vulnerability of the Win32k.sys component of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Win32k.sys component of the Windows operating system is related to synchronization errors when using shared resources “Race Conditions”. Exploiting this vulnerability can allow an attacker to increase their privileges...

Siemens SIMATIC NET CP 443-1 OPC UA Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2016-4955)

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service peer-variable clearing and association outage by sending 1 a spoofed crypto-NAK packet or 2 a packet with an incorrect MAC value at a certain time. This plugin only works with Tenable.ot...

Siemens SCALANCE XCM332 Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2022-1729)

A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. This plugin only works with Tenable.ot. Please...

PT-2023-2825 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a synchronization error in the rcu barrier function of the ksmbd module in the Linux kernel, which can be exploited to elevate privileges and execute arbitrary...

The vulnerability of the CNG Key Isolation service in Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the CNG Key Isolation service in Windows operating systems is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to gain increased privileges...

The vulnerability of the Advanced Local Procedure Call (ALPC) handler in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Advanced Local Procedure Call ALPC in Windows operating systems is related to synchronization errors when using shared resources “Race Conditions”. Exploiting this vulnerability can allow attackers to gain increased privileges...

The vulnerability of the Windows Clip Service on Windows operating systems allows a perpetrator to escalate their privileges.

The vulnerability of the Windows Clip Service on Windows operating systems arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerabilities of encryption algorithms such as PKCS#1 v1.5, RSA-OEAP, and RSASVE in the OpenSSL cryptographic library allow attackers to execute the Bleichenbacher attack.

The vulnerability of encryption algorithms such as PKCS1 v1.5, RSA-OEAP, and RASSEV in the OpenSSL cryptographic library is related to the creation of a secondary synchronization channel due to time differences. Exploiting this vulnerability can allow an attacker operating remotely to execute a...

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords TOTPs to the cloud. "This change means users are better protected from lockout and...

The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Internet Key Exchange IKE protocol implementation in Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability affects the implementation of the Windows Network Protocol Point-to-Point Protocol over Ethernet (PPPoE) on Windows operating systems, allowing a hacker to execute arbitrary code.

The vulnerability of the Windows Network Protocol Point-to-Point Protocol over Ethernet PPPoE implementation in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the da9150_charger_remove() function in the drivers/power/supply/da9150-charger.c file of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the da9150chargerremove function in the drivers/power/supply/da9150-charger.c file of the Linux kernel is related to the use of memory after it is freed due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a...

Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP Vulnerability

Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10....

The vulnerability of Windows operating system DNS servers allows a perpetrator to execute arbitrary code.

The vulnerability of Windows operating system DNS servers is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Windows operating system DNS servers allows a perpetrator to execute arbitrary code.

The vulnerability of Windows operating system DNS servers is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...