3907 matches found
CVE-2023-28998
The CVE-2023-28998 entry concerns the Nextcloud Desktop Client. Versions from 3.0.0 up to, but not including, 3.6.5 are vulnerable: a malicious server administrator can gain full access to an end-to-end encrypted folder, decrypt files, recover the folder structure, and add new files. Affected sof...
CVE-2023-28997 Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...
CVE-2023-28997
Summary (CVE-2023-28997) The Nextcloud Desktop Client is affected when running versions 3.0.0 up to before 3.6.5, where an attacker with control of a malicious server could recover and modify the contents of end-to-end encrypted files due to a vulnerability tied to IV reuse in the E2EE scheme. Th...
CVE-2023-1202
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision...
Authentication flaw
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision...
Authentication flaw
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...
Devolutions Remote Desktop Manager security vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.1.9 and prior versions, which arises from a vulnerability that allows users with...
Microsoft Edge’s vulnerability, related to synchronization errors when using a shared resource, allows attackers to escalate their privileges.
The vulnerability in Microsoft Edge is related to synchronization errors when using a shared resource (a race condition). Exploiting this vulnerability can allow an attacker to gain increased privileges...
PT-2023-1978 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based (affected versions not specified). Description: The issue is related to synchronization errors, specifically a "race condition" scenario, which can be exploited to elevate privileges. Recommendations: At the moment,...
The vulnerability of the implementation of the Point-to-Point Protocol (PPP) in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Point-to-Point Protocol PPP implementation in the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the infrastructure service of Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the broker’s infrastructure service for Windows operating systems is related to synchronization errors when using a shared resource (a race condition). Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPTP) network protocol for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Point to Point Tunneling Protocol (PPTP) implementation in Windows operating systems is related to synchronization errors when using a shared resource (a race condition). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Microsoft Malware Protection Engine’s security module allows attackers to escalate their privileges within the system.
The vulnerability of the Microsoft Malware Protection Engine arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...
The vulnerability of the Linux operating system’s IPv6 protocol implementation allows an attacker to cause a service failure or potentially have other adverse effects.
The vulnerability of the Linux operating system’s IPv6 kernel implementation stems from synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service failures or potentially have other adverse effects...
PT-2023-36408 · Gnu +1 · Linux +1
A vulnerability in the B.A.T.M.A.N. (Better Approach To Mobile Adhoc Networking) network interface of the Linux kernel is caused by incorrect synchronization between the removal of a network device and the execution of deferred work in the batadv_dat_start_timer function of the distributed-arp-table.c module...
PT-2023-1777 · Microsoft · Windows Brokerinfrastructure Service +1
Name of the Vulnerable Software and Affected Versions: Windows BrokerInfrastructure Service (affected versions not specified). Description: The issue is related to an elevation-of-privilege vulnerability in the Windows BrokerInfrastructure Service. It is caused by synchronization errors when using a...
PT-2023-1748 · Microsoft · Windows Point-To-Point Protocol Over Ethernet +1
Name of the Vulnerable Software and Affected Versions: Windows Point-to-Point Protocol over Ethernet (PPPoE) (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the Windows Point-to-Point Protocol (PPP) implementation. This allows...
PT-2023-1779 · Microsoft · Defender
Name of the Vulnerable Software and Affected Versions: Microsoft Defender (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability in Microsoft Defender. It is caused by synchronization errors when using a shared resource in the Microsoft Malwar...
Security Bulletin: IBM MQ is affected by a denial of service vulnerability due to an error within the CCDT and channel synchronization logic (CVE-2022-40237)
Summary: An issue was identified within the MQ channel processing when a channel CCDT file contains invalid or corrupted records. Vulnerability Details: CVEID: CVE-2022-40237. DESCRIPTION: IBM MQ is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization...