3907 matches found
The vulnerability in the drivers/tty/vcc.c component of the Linux operating system’s kernel allows an attacker to compromise the integrity and accessibility of protected information.
The vulnerability in the drivers/tty/vcc.c component of the Linux operating system’s kernel arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to compromise the integrity and accessibility of protected information...
The vulnerability of operating systems macOS, iOS, and iPadOS, related to synchronization errors when using shared resources (“Race Conditions”), allows attackers to read arbitrary files.
The vulnerability of operating systems macOS, iOS, and iPadOS is related to synchronization errors when using a shared resource (“Race Condition”). Exploiting this vulnerability allows an attacker to read arbitrary files...
The vulnerability of AMD Secure Processor’s microprogramming software is related to synchronization errors when using shared resources (“Race Conditions”). This allows a malicious actor to trigger a service failure.
The vulnerability of AMD Secure Processor (ASP) microprogramming software is related to synchronization errors when using shared resources (“Race Conditions”). Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2022-40237
IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727...
CVE-2022-40237
IBM MQ for HPE NonStop 8.1.0 is affected by a denial-of-service vulnerability (CVE-2022-40237) caused by an error in the CCDT and channel synchronization logic. IBM’s bulletin (APAR IT43171) fixes this issue for the 8.1 line (8.1.0.12) and related 9.x LTS/CD lines with corresponding updates; reme...
PT-2023-13778 · Ibm · Ibm Mq
Name of the Vulnerable Software and Affected Versions: IBM MQ for HPE NonStop version 8.1.0 Description: The issue is related to a denial of service attack due to an error within the CCDT and channel synchronization logic. Recommendations: For IBM MQ for HPE NonStop version 8.1.0, at the moment,...
IBM MQ Input Validation Error Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable, validated messaging backbone for service-oriented architectures (SOA). An input validation error vulnerability exists in IBM MQ for HPE NonStop version...
Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2018-15473)
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. - OpenSSH through 7.7 is prone to a...
K69422435: BIG-IQ HA vulnerability CVE-2020-5870
Security Advisory Description BIG-IQ high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. CVE-2020-5870 Impact An attacker on an adjacent network may be able to establish a connection to the BIG-IQ HA synchronization with no...
K28855111: BIG-IQ HA vulnerability CVE-2020-5869
Security Advisory Description BIG-IQ high availability (HA) synchronization is not secured by TLS and may allow on-path attackers to read / modify confidential data in transit. CVE-2020-5869 Impact Certain BIG-IQ data may be compromised when the vulnerability is exploited on a BIG-IQ HA configuratio...
K71245322: NTP vulnerability CVE-2015-8138
Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVE-2015-8138 Impact An attacker may be able to disable time synchronization with the server or push...
K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM...
K10600056: NTP vulnerability CVE-2015-5300
Security Advisory Description It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. CVE-2015-5300 Impact A man-in-the-middle attacker able to intercept network time protocol (NTP) traffic between a...
K16506: NTP vulnerability CVE-2015-1799
Security Advisory Description The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service...
K44305703: NTP vulnerability CVE-2020-11868
Security Advisory Description The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid orig...
K13540723: NTP vulnerability CVE-2018-7184
Security Advisory Description ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the...
_distributeProfit will use the stale globalIC.swingTraderCollateralDeficit()/swingTraderCollateralRatio(), which will result in incorrect profit distribution
Lines of code Vulnerability details Impact The distributeProfit called by handleProfit will use globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio when distributing profits, and the latest globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio needs to be used to ensure th...
StabilizerNode.stabilize uses stale GlobalImpliedCollateralService data, which will make stabilize incorrect
Lines of code Vulnerability details Impact In StabilizerNode.stabilize, impliedCollateralService.syncGlobalCollateral is called only at the end of the function to synchronize the GlobalImpliedCollateralService data. if !shouldAdjustSupplyexchangeRate, stabilizeToPeg lastStabilize = block.timestam...
SUSE CVE-2002-2438
TCP firewalls could be circumvented by sending SYN packets with other flags (e.g. the RST flag) set, which were not correctly discarded by the Linux TCP stack after firewalling...
SUSE CVE-2006-1242
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks...