PT-2022-2760 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the Windows operating system. It allows remote attackers to execute arbitrary code and affect the...

PT-2022-2819 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in the Windows operating system. It allows a remote attacker to potentially elevate their privileges. The...

The vulnerability of the SSL socket layer of the Asterisk IP telephony management system, which implements the SIP protocol PJSIP, allows attackers to induce a service failure.

The vulnerability of the SSL socket layer of the Asterisk IP telephony management system, where the SIP protocol PJSIP is implemented, is related to the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability allows an attacker who operates...

The vulnerability in the implementation of the SSHv2 protocol by the Paramiko library arises from synchronization errors when using a shared resource, allowing an attacker to gain access to confidential information.

The vulnerability of the SSHv2 protocol implementation by the Paramiko library is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to access confidential information...

PT-2022-2349 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the Advanced Local Procedure Call ALPC handler of the Windows operating system. This can allow an attacker to...

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

The vulnerability of the Tablet Windows User Interface Application component of the Microsoft Windows operating system, which allows a perpetrator to increase their privileges

The vulnerability of the Tablet Windows User Interface Application component of the Microsoft Windows operating system is related to the use of a common resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Windows Update Stack component of the Microsoft Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows Update Stack component in the Microsoft Windows operating system is related to the use of a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Windows DWM library in the Microsoft Windows operating system, which allows attackers to escalate their privileges

The vulnerability of the Windows DWM library in the Microsoft Windows operating system is related to the use of a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of microprogrammed software in time-synchronization servers for precise timing, such as Reason RT430/RT434 GNSS Grandmaster Clock, is related to the possibility of introducing code that allows a violator to execute arbitrary code.

The vulnerability of the microprogramming software used in time-synchronized server synchronization systems like Reason RT430/RT434 GNSS Grandmaster Clock is related to the possibility of code injection. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

VDA not registered with the cloud connector Clock sync error

The VDA logon server reaching to different Geo Domain controller...

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the Advanced Local Procedure Call (ALPC) handler in the Microsoft Windows operating system allows attackers to escalate their privileges.

The vulnerability of the Advanced Local Procedure Call ALPC in the Microsoft Windows operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

The vulnerability of the Advanced Local Procedure Call (ALPC) handler in Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the Advanced Local Procedure Call ALPC in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...

sysend.js 访问控制错误漏洞

sysend.js is a small library by the Polish personal developer Jakub T. Jankiewicz. It is used for web application synchronization. An access control error vulnerability exists in sysend.js, which stems from the fact that users using cross-domain communication may have their communication...

Nextcloud Information Disclosure Vulnerability (CNVD-2022-20155)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Nextcloud Germany.A security vulnerability exists in Nextcloud Server, which is due to an issue with the Nextcloud Text application which is provided with Nextcloud Server by...

Nextcloud server denial of service vulnerability (CNVD-2022-20690)

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server has a denial of service vulnerability that stems from a networked system or product that does not properly validate data boundaries when performing...

Race condition

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...