The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Layer 2 Tunneling Protocol L2TP implementation in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Layer 2 Tunneling Protocol L2TP implementation in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

PT-2023-2466 · Microsoft · Windows Clip Service +1

Name of the Vulnerable Software and Affected Versions: Windows Clip Service affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the Windows Clip Service of Windows operating systems. This can allow an attacker to elevate their...

PT-2023-2303 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in Windows DNS Server, allowing remote attackers to execute arbitrary code and affect the system...

PT-2023-2304 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server versions affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in Windows DNS Server, allowing a remote attacker to execute arbitrary code. This can...

PT-2023-2399 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows Internet Key Exchange IKE Protocol Extensions affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Internet Key Exchange IKE protocol ...

Siemens SCALANCE W1750D Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2021-25158)

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...

PT-2023-2271 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Layer 2 Tunneling Protocol L2TP in Windows operating systems. This can allow a...

PT-2023-2288 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Layer 2 Tunneling Protocol L2TP in Windows operating systems. This can allow a...

Pegasystem Synchronization Engine 信任管理问题漏洞

Pegasystem Synchronization Engine is a synchronization engine application from Pegasystem Corporation. A security vulnerability exists in Pegasystem Synchronization Engine versions 3.1.1 through 3.1.27, which can be exploited by a user with non-administrative access to change the configuration fi...

The vulnerability of the client installer for conducting real-time audio and video conferences. Zoom Client for IT Admins allows a perpetrator to elevate their privileges to the level of SYSTEM.

The vulnerability of the client installer for conducting real-time audio and video conferences in Zoom Client for IT Admins is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to elevate their privileges to the SYSTEM level...

The vulnerability of the Gatekeeper component of the macOS Ventura operating system, which allows a perpetrator to increase their privileges

The vulnerability of the Gatekeeper component in the macOS Ventura operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

Vulnerabilities fixed in IBM QRadar SIEM

IBM fixed vulnerabilities in subcomponents of QRadar SIEM: Data Synchronization App, Use Case Manager app, QRadar Assistant app, Data Synchronization app and Wincollect agent. A malicious party can exploit the vulnerabilities to cause a denial-of-service, to gain access to sensitive data, or to...

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js...

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22313 DESCRIPTION: IBM QRadar Dat...

CVE-2023-28997

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

CVE-2023-28997

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

Design/Logic Flaw

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

CVE-2023-29000

The CVE-2023-29000 entry affects the Nextcloud Desktop Client. Starting with version 3.0.0 and prior to 3.7.0, the client trusts that the server certificate belongs to the user’s keypair, allowing a malicious server to cause the desktop client to encrypt files with an attacker-known key. The issu...

CVE-2023-29000 Nextcloud Desktop client does not verify received singed certificate in end-to-end encryption

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt file...