Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability
Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable. Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor...
xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Internet Bug Bounty: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client-Side Desync) (CWE: 444)
SECURITY CVE-2024-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data fr...
Malicious code in sync-axios (npm)
Source: ghsa-malware 335de7612c8237e0a74d2c894424bda2c8a5e6547fa9bb6782ec0a94d4353226 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nylas-sync (npm)
Source: ghsa-malware 2deede55e9c84cfc6a261b2de7de468c49dd03fe6cdee3eda009eeaa0cdb0a73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-79 Malicious code in nylas-sync (npm)
Source: ghsa-malware 2deede55e9c84cfc6a261b2de7de468c49dd03fe6cdee3eda009eeaa0cdb0a73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
January 2, 2024, update for OneNote 2016 (KB5002500)
January 2, 2024, update for OneNote 2016 KB5002500 This article discusses update 5002500 for Microsoft OneNote 2016 that was released on January 2, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...
CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. About Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and...
PT-2023-8034 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns arbitrary command execution in the host time parameter of the NTPSyncWithHost interface of the cstecgi.cgi. This vulnerability exists due to the lack of measures...
GHSA-F23H-52HJ-99P6 Apache IoTDB: Unsafe deserialize map in Sync Tool
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
Azure File Sync Agent v17.0 Release – December 2023 (KB5023053)
Update for Azure File Sync agent version 17.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
CVE-2023-33106
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND...
CVE-2023-33106
CVE-2023-33106 is a memory corruption vulnerability in Qualcomm graphics drivers, caused by an out-of-range pointer offset when submitting a large list of sync points to IOCTL_KGSL_GPU_AUX_COMMAND. Affected component is Qualcomm chipsets’ graphics subsystem (KGSL driver). The issue is locally exp...
Azure File Sync Agent v17 Release - December 2023
Azure File Sync Agent v17 Release - December 2023 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v17.1 release that is dated February 2024. Additionally, this article contains installation instructions for this release. Improvements and issues that...
SUSE CVE-2023-45286
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...
DEBIAN-CVE-2023-45286
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...