Issues with Workspace Environment Management (WEM) after deprecation of the legacy sync framework

Microsoft Sync Framework 2.1 reached End of Life on January 12, 2021. So, WEM has removed the legacy sync service based on that framework, and instead uses a new sync framework, Dotmim.Sync, an open-source sync framework. By default, the legacy sync service uses the port 8285, and the new sync...

CVE-2020-11152

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

Race condition

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

Design/Logic Flaw

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

[SECURITY] [DLA 2515-1] csync2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2515-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 04, 2021 https://wiki.debian.org/LTS -...

ASB-A-169933423

In isdevicelocked and setdevicelocked of keystorekeymasterenforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...

Rust futures-util crate security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in futures-util crate before 0.3.2 for Rust, which stems from the fact that FuturesUnordered may result in data corruption due to improper synchronization handling...

The vulnerability of the Ansible configuration management system, related to synchronization errors when using a shared resource, allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the Ansible configuration management system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges and execute arbitrary code...

The vulnerability of the Junos operating system arises from synchronization errors when using shared resources, allowing a attacker to trigger an extended denial-of-service attack.

The vulnerability of the Multiservices PIC Management Daemon mspmand implementation in the Junos operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow a malicious actor to initiate an extended denial-of-service attack from a...

Philips Hue Resource Management Error Vulnerability

Philips Hue is a smart lighting device from the Chinese company Philips. A security vulnerability exists in Philips Hue, the vulnerability stems from a SYN flood sent on tcp port 80 will freeze the Philips Hue's hub and it will stop responding...

openGauss: Configuring an NTP Server

The Network Time Protocol NTP is used to synchronize time between clients and servers on the network. By configuring an NTP, you can synchronize the clock of a PC to the Coordinated Universal Time UTC and synchronize system clocks of multiple OSs. Copyright C 2020 Greenbone Networks GmbH Some tex...

PT-2020-17627 · Rust · V9 Crate

Name of the Vulnerable Software and Affected Versions: v9 crate through 2020-12-18 Description: An issue was discovered in the v9 crate, where affected versions unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. The SyncRef derives...

Metasploit Wrap-Up

In case you missed it, this past weekend the Metasploit team hosted the latest Metasploit CTF. We saw 1903 users register in this round and some excellent writeups have been published on what they found. If you participated but haven’t had a chance to fill out our feedback survey you can find it...

The vulnerability of the ImageBurner browser component in Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of the ImageBurner browser component in Google Chrome arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2020-0083)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofe...

The vulnerability of Junos operating system’s MX series routers, related to synchronization errors when using shared resources, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Junos operating system’s MX series routers is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information...

The vulnerability of Xen hypervisors arises from the simultaneous execution using a shared resource with incorrect synchronization. This “race condition” allows a malicious actor to cause a service failure or increase their privileges.

The vulnerability of Xen hypervisors arises from the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause service failures or increase their privileges...

Vulnerability in the Microprogramming Software of the Intel Converged Security and Manageability Engine (CSME) and the Intel Server Platform Services (SPS) allows attackers to enhance their privileges.

The vulnerability in the Microprogramming Software of the Intel Converged Security and Manageability Engine CSME and the Microprogramming Software of the Intel Server Platform Services SPS is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow an...