3909 matches found
CLSA-2021-1633442934 Fix of CVE: CVE-2020-11868
CVE-2020-11868: incorrect handling of packets from unauthenticated synchronization source with spoofed IP address leads to denial of service...
The vulnerability of the net/bluetooth/hci_request.c component in the Linux operating system allows a hacker to execute arbitrary code.
The vulnerability of the net/bluetooth/hci_request.c component in the Linux operating system arises from concurrent execution using a shared resource with improper synchronization (a race condition). Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Buffer error vulnerability in multiple Qualcomm products
The Qualcomm QCA6574AU and SDX55 are both products of Qualcomm Incorporated (U.S.A.). The QCA6574AU is a central processing unit (CPU) product. The SDX55 is a modem. A security vulnerability exists in multiple Qualcomm products that could result in out-of-bounds memory accesses due to imprope...
The vulnerability in the kernel of Apple’s operating systems (macOS, iOS, iPadOS, watchOS, and tvOS) allows attackers to escalate their privileges.
The vulnerability in the kernel of Apple’s operating systems (macOS, iOS, iPadOS, watchOS, and tvOS) is related to the use of a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to escalate their privileges...
PT-2021-7323 · Linux · Linux Kernel OverlayFS Subsystem
Name of the Vulnerable Software and Affected Versions: Linux kernel OverlayFS subsystem (affected versions not specified). Description: A race condition accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific ways with OverlayFS. This issue coul...
CVE-2021-34697
A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the...
Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).
Summary: NTP (Network Time Protocol) is used to synchronize the time on your Power Hardware Management Console (HMC) with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-11868. DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...
The vulnerability of the ptp4l software service, which is used to implement the PTP protocol for LinuxPTP, allows a malicious actor to cause an unexpected termination of the application.
The vulnerability of the ptp4l software service for implementing the LinuxPTP timing protocol is due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause an application to terminate abnormally by creating a one-step...
Nextcloud has an unspecified vulnerability (CNVD-2022-18419)
Nextcloud Text is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud Text has a security vulnerability that could be exploited by attackers to enumerate folders in such shares...
Nextcloud Circles Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...
Nextcloud server authorization issue vulnerability (CNVD-2021-102886)
Nextcloud server is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud server is vulnerable to authorization issues in versions prior to 20.0.12, 21.0.4 or 22.1.0. The vulnerability stems from a lack of authentication...
Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-71657)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust hashconsing crate before 1.1.0, which stems from a limitation in HConsed's lack of sending or synchronization features, and could be exploited by an attacker to cause a...
Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-71659)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust may_queue crate through 2020-11-10 due to a limitation in the queue's lack of send feature or synchronization feature, which could be exploited by an attacker to cause a memor...
Security Bulletin: IBM Security Identity Manager Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20483, CVE-2021-20488)
Summary: IBM has announced a release for IBM Security Identity Manager Password Synchronization Plug-in for Windows AD to address several security vulnerabilities. The vulnerabilities concern server-side request forgery and account takeover. Vulnerability Details: CVEID: CVE-2021-20483. DESCRIPTION...
CVE-2021-39260
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G 2021.8.22...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS has a security vulnerability that could be exploited by attackers to isolate and read synchronization files from other applications via UID sandboxing...
The vulnerability of Mozilla Maintenance Service allows attackers to escalate their privileges on Firefox ESR and Firefox browsers.
The vulnerability of the Mozilla Maintenance Service affects Firefox ESR and Firefox browsers due to synchronization errors when using a common resource. Exploiting this vulnerability can allow attackers to increase their privileges...
GHSA-MM4M-QG48-F7WC Improper Synchronization and Race Condition in vm-memory
rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl)...