CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
Information disclosure
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
CVE-2023-37306
CVE-2023-37306 pertains to MISP 2.4.172, where server sync mishandles certificate file extensions, causing information disclosure through error messages. The affected component is MISP 2.4.172; root cause is improper handling of certificate extensions during server synchronization. Impact is info...
PT-2023-25897 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.172 Description: The issue arises from MISP's mishandling of different certificate file extensions during server sync, leading to sensitive information disclosure through error messages. Recommendations: For MISP version...
CLSA-2023-1688070370 Fix CVE(s): CVE-2021-38371
SECURITY UPDATE: Response injection buffering during MTA SMTP sending - debian/patches/CVE-2021-38371.patch: Enforce STARTTLS sync point, client side in src/transports/smtp.c - CVE-2021-38371...
CLSA-2023-1687795531 Fix CVE(s): CVE-2021-38371
SECURITY UPDATE: Response injection buffering during MTA SMTP sending - debian/patches/CVE-2021-38371.patch: Enforce STARTTLS sync point, client side in src/transports/smtp.c - CVE-2021-38371...
CLSA-2023-1687795205 exim: Fix of CVE-2021-38371
CVE-2021-38371: Enforce STARTTLS sync point, client side in src/transports/smtp.c...
CLSA-2023-1687794906 exim: Fix of CVE-2021-38371
CVE-2021-38371: Enforce STARTTLS sync point, client side in src/transports/smtp.c...
exim: Fix of CVE-2021-38371
CVE-2021-38371: Enforce STARTTLS sync point, client side in src/transports/smtp.c...
MAL-2023-826 Malicious code in sync-https-api (npm)
Source: checkmarx 216dcfab006171670a40ded9fe39fcad616a3998fd0c9544be5281a40e766a60 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
PT-2023-17922 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: A buffer overflow in the btm_ble_periodic_adv_sync_lost function of btm_ble_gap.cc could lead to remote code execution with no additional execution privileges needed. User interaction is not required f...
CVE-2023-30285
An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser...
Information disclosure
An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser...
CVE-2023-2909
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...