CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS Evolved and Junos operating systems allows a hacker to trigger a service failure.

The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS Evolved and Junos operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

[SECURITY] Fedora 37 Update: syncthing-1.23.0-2.fc37

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 36 Update: syncthing-1.23.0-2.fc36

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

The vulnerability of the Damage Cleanup Engine in the Trend Micro Maximum Security antivirus protection software allows a malicious actor to enhance their privileges.

The vulnerability of the Damage Cleanup Engine in the Trend Micro Maximum Security antivirus software is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to increase their privileges...

The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite system allows a perpetrator to gain access to modify, add, or delete protected data.

The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite enterprise automation system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker who operates remotely to modify,...

The vulnerability of the Overlay Filter component in Windows operating systems allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Overlay Filter component in Windows operating systems is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

389-ds-base: SIGSEGV in sync_repl

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service...

The vulnerability of the ALSA:pcm component (the audio subsystem of the Linux operating system), which allows a hacker to cause a service failure and gain unauthorized access to protected information.

The vulnerability of the ALSA:pcm component the audio subsystem of the Linux operating system is related to a synchronization violation in sndctlelemreaduser. Exploiting this vulnerability can allow an attacker to cause service failures and gain unauthorized access to protected information...

The vulnerability of the Bluetooth driver for Microsoft Windows operating systems, which allows a hacker to gain increased privileges

The vulnerability of the Bluetooth driver for Microsoft Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the Event Tracing service in Microsoft Windows operating systems allows attackers to disclose protected information.

The vulnerability of the Event Tracing service in Microsoft Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

The vulnerability of the Windows Installer component on Windows operating systems, which allows a hacker to increase their privileges

The vulnerability of the Windows Installer component in Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of Zoom’s video conferencing software relates to synchronization errors when using shared resources, allowing attackers to execute arbitrary code with system privileges.

The vulnerability of Zoom’s video conferencing software is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code with system privileges...

The vulnerability of the Windows GDI component in Microsoft Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Windows GDI component in Microsoft Windows systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the Windows Local Session Manager (LSM) component of the Windows operating system allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Windows Local Session Manager LSM component of the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device...

CVE-2023-21853

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite component: Synchronization. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field...

The vulnerability of the Malicious Software Removal Tool (MSRT) lies in synchronization errors when using a common resource, allowing attackers to gain increased privileges.

The vulnerability of the Malicious Software Removal Tool MSRT relates to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

PT-2023-1240 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Synchronization component of Oracle Mobile Field Service. It allows an unauthenticated attacker with network...

PT-2023-33149 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to the synchronization of EFI page table's kernel mappings before switching. The actual impact and attack plausibility have not yet been proven. Recommendations: For Lin...

PT-2023-33242 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.82 Description: The issue is related to the synchronization of EFI page table's kernel mappings before switching. The actual impact and attack plausibility have not yet been proven. Recommendations: For...