
3891 matches found

BDU FSTEC
added 2019/08/06 12:0 a.m. · 3 views

The vulnerability of the Linux operating system’s kernel allows a hacker to trigger a service failure and obtain confidential information.

The vulnerability in the driver /infiniband/core/uverbs_main.c of Linux operating systems arises due to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to obtain confidential information or cause service failures...

7 CVSS · 7.3 AI score · 0.00549 EPSS
Exploits 3 · References 39 · Affected Software 1

BDU FSTEC
added 2019/07/25 12:0 a.m. · 1 views

The vulnerability in the daemon/archive.go component of the automation tool for deploying and managing applications in Docker-enabled environments allows a malicious individual to escalate their privileges and gain access to read and write file operations.

The vulnerability in the daemon/archive.go component of the automation tool for deploying and managing applications in Docker-enabled environments is related to synchronization errors when using a shared resource. This “race condition” allows an attacker to increase their privileges and gain acce...

7.5 CVSS · 7.5 AI score · 0.07297 EPSS
Exploits 2 · References 8 · Affected Software 2

BDU FSTEC
added 2019/07/25 12:0 a.m. · 1 views

The vulnerability in the implementation of the Siemens R3964 driver’s code in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the Siemens R3964 driver implementation, located in the Linux kernel’s drivers/tty/n_r3964.c file, is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...

7 CVSS · 7.3 AI score · 0.00046 EPSS
Exploits 0 · References 30 · Affected Software 1

Hacker One
added 2019/07/13 4:36 p.m. · 24 views

Nextcloud: User can delete data in shared folders he's not authorized to access

Steps to reproduce 1. create a group folder named TEST and share with "admin group" and "test group", marking the advanced permission flag 2. create two folders inside the main share: visible and invisible 3. inside "invisible" folder create a test file let's say something like "test.txt" 4. set...

5.5 CVSS · 0.2 AI score · 0.00367 EPSS
Exploits 1

CNVD
added 2019/07/04 12:0 a.m. · 2 views

Command Execution Vulnerability in zzzphp

zzzphp is a free website-building system based on PHP with MySQL/Access/SQLite that supports automatic synchronization for mobile phones. zzzphp has a command execution vulnerability: an attacker who gets into the back-end management system can use the vulnerability to indirectly execute system commands...

7.5 AI score
Exploits 0

OSV
added 2019/06/28 6:15 p.m. · 2 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

9.8 CVSS · 5.8 AI score · 0.01536 EPSS
Exploits 0 · References 1

NVD
added 2019/06/28 6:15 p.m. · 14 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

9.8 CVSS · 9.4 AI score · 0.01536 EPSS
Exploits 0 · References 1

Prion
added 2019/06/28 6:15 p.m. · 20 views

Session fixation

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

7.5 CVSS · 9.3 AI score · 0.01536 EPSS
Exploits 0 · References 1 · Affected Software 2

CNVD
added 2019/06/17 12:0 a.m. · 3 views

Weak Password Vulnerability in Isthmus Electronic Document Security Management System

The Electronic Document Security Management System (CDG) is electronic document security protection software. Its back-end configuration system has a default password, and an attacker can use the default password to enter the back end and obtain...

6.8 AI score
Exploits 0

Citrix
added 2019/06/03 12:0 a.m. · 7 views

Citrix SDWAN High Availability FAQ

Q: What are the platform and license requirements for SDWAN High Availability? The platform and licenses should be the same for both devices that participate in HA. Q: What protocol and port numbers are used by SDWAN for HA communication? SDWAN uses a Citrix proprietary protocol for HA communication and UDP...

6.8 AI score
Exploits 0

Positive Technologies
added 2019/05/30 12:0 a.m. · 3 views

PT-2020-8985 · Ntp +4

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8p10 through 4.2.8p13. Description: The issue allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be a...

9.8 CVSS · 6.3 AI score · 0.32035 EPSS
Exploits 15 · References 91

Tenable Nessus
added 2019/05/15 12:0 a.m. · 46 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0018) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721935 CVE-2019-11091 - x86/microcode: Add loader version file in debugfs Boris Ostrovsky Orabug: 29754165 - x86/microcode:...

5.9 CVSS · 6.7 AI score · 0.01697 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2019/05/13 12:0 a.m. · 53 views

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1475)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denia...

7.2 CVSS · 6.7 AI score · 0.15301 EPSS
Exploits 19 · References 22

NVD
added 2019/05/10 9:29 p.m. · 11 views

CVE-2019-5675

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior a...

7.8 CVSS · 7.6 AI score · 0.00043 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2019/05/08 12:0 a.m. · 13 views

GE IC694PSM001 PACSystems RX3i Power Synchronization and Measurement Module and Interface Module Detection

Binary data 755500.prm...

7.3 AI score
Exploits 0

Veracode
added 2019/05/02 5:20 a.m. · 20 views

Unprotected Storage Of Credentials

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...

7.5 CVSS · 8.1 AI score · 0.02004 EPSS
Exploits 0 · References 241 · Affected Software 37

Veracode
added 2019/05/02 5:12 a.m. · 31 views

Buffer Overflow

PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...

9.8 CVSS · 8.3 AI score · 0.06398 EPSS
Exploits 0 · References 9 · Affected Software 2

BDU FSTEC
added 2019/04/25 12:0 a.m. · 2 views

The vulnerability of Systemd daemons, related to the simultaneous use of shared resources and synchronization errors, allows a perpetrator to trigger a service failure.

The vulnerability of Systemd relates to the simultaneous use of shared resources and synchronization errors. Exploiting this vulnerability can allow a remote attacker to cause service failures...

5.9 CVSS · 6.5 AI score · 0.00463 EPSS
Exploits 0 · References 6 · Affected Software 2

BDU FSTEC
added 2019/04/25 12:0 a.m. · 1 views

The vulnerability of the nginx web server module in Phusion Passenger, related to the simultaneous use of shared resources and synchronization errors, allows attackers to gain access to confidential data.

The vulnerability of the nginx web server module in Phusion Passenger is related to the simultaneous use of a shared resource and synchronization errors when the passenger_instance_registry_dir configuration is not set strictly enough. Exploiting this vulnerability can allow an attacker to gain acce...

7 CVSS · 7.1 AI score · 0.00099 EPSS
Exploits 0 · References 5 · Affected Software 2

RedHat Linux
added 2019/04/23 2:52 p.m. · 3 views

Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The...

7.8 CVSS · 7.1 AI score · 0.00055 EPSS
Exploits 1 · References 4