43 matches found
CVE-2023-33980
The Briar BSP vulnerability (CVE-2023-33980) affects Briar versions prior to 1.4.22. The issue, rooted in the Bramble Synchronisation Protocol, allows an attacker to trigger a denial of service by sending a series of long messages to a contact, causing repeated application crashes. The public d...
PT-2023-24614 · Briar · Briar
Name of the Vulnerable Software and Affected Versions: Briar versions prior to 1.4.22. Description: The issue allows attackers to cause a denial of service, resulting in repeated application crashes, by sending a series of long messages to a contact. This is achieved through the Bramble...
Debian DLA-2201-1 : ntp security update
A Denial of Service (DoS) vulnerability was discovered in the network time protocol server/client, ntp. ntp allowed an 'off-path' attacker to block unauthenticated synchronisation via a server mode packet with a spoofed source IP address because transmissions were rescheduled even if a packet lacke...
hw: TSX Transaction Asynchronous Abort (TAA)
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...
CVE-2019-11135
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
Issue Summary: Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. Environment: Crowd 3.x.x, OpenLDAP. Steps to Reproduce: Install Crowd 3.1.1 and connect with OpenLDAP directory. Synchronise the OpenLDAP directory. Disable one of the users from OpenLDAP...
CVE-2017-15227
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on...
UBUNTU-CVE-2017-15227
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on...
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation...
Debian DLA-559-1 : ntp security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-7974: Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers. CVE-2015-7977 / CVE-2015-7978: Stephen Gray discovered that a NULL...
DLA-559-1 ntp - security update
Bulletin has no description...
Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances
Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...
[SECURITY] [DSA 2760-1] chrony security update
Debian Security Advisory DSA-2760-1, http://www.debian.org/security/, Moritz Muehlenhoff, September 18, 2013, http://www.debian.org/security/faq ...
Debian Security Advisory DSA 2760-1 (chrony - several vulnerabilities)
Florian Weimer discovered two security problems in the Chrony time synchronisation software: buffer overflows and use of uninitialised data in command replies. OpenVAS Vulnerability Test $Id: deb2760.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2760-1 using nvtgen 1.0...
DSA-2760-1 chrony - several
Bulletin has no description...