CVE-2018-8956

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that...

Time synchronization issues on Windows VMs with the 9.x Citrix VM Tools

On Windows VMs with the xeniface 9.0.0.11 or 9.1.0.4 driver installed, the VM time can become unsynchronized when the time set by the Citrix VM Tools conflicts with the Windows VM's own time synchronization for example, using Active Directory or NTP...

Parsec - Secure Cloud Framework

Homepage: https://parsec.cloud Documentation: https://parsec-cloud.readthedocs.org. Parsec is a free software AGPL v3 aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access an...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are caused by synchronization errors when using a shared resource. This vulnerability allows an attacker to execute arbitrary code.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are caused by synchronization errors when using a shared resource. Exploiting these...

The vulnerability of the XENMEM_exchange component in Xen hypervisors allows a hacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the XENMEMexchange component in Xen hypervisors is related to the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability allows an attacker to gain unauthorized access to confidential data, cause service failures, and...

F5 BIG-IQ Access Control Error Vulnerability

F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. An access control error vulnerability exists in F5 BIG-IQ...

CVE-2020-5869

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...

CVE-2020-5870

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization mechanisms do not use any form of authentication for connecting to the peer...

CVE-2020-5869

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...

CVE-2020-5870

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization mechanisms do not use any form of authentication for connecting to the peer...

Path traversal

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...

Authentication flaw

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization mechanisms do not use any form of authentication for connecting to the peer...

CVE-2020-5870

The CVE affects BIG-IQ HA synchronization in BIG-IQ 5.2.0–7.0.0, where the peer-connection lacks authentication, enabling an attacker on an adjacent network to initiate a connection and potentially access or tamper data. Root cause is unauthenticated HA synchronization traffic. Impact is rated hi...

CVE-2020-5870

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization mechanisms do not use any form of authentication for connecting to the peer...

The vulnerability of the Symfony software development and management platform lies in its ability to simultaneously execute and utilize a shared resource with improper synchronization. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Symfony software platform for developing and managing web applications is related to the simultaneous execution and use of a shared resource with improper synchronization. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidentia...

Description of the SharePoint Workspace 2010 update: November 13, 2012

Description of the SharePoint Workspace 2010 update: November 13, 2012 INTRODUCTION Microsoft has released an update for Microsoft SharePoint Workspace 2010. This update provides the latest fixes for the 32-bit and 64-bit editions of SharePoint Workspace 2010. Issue that this update fixes When yo...

March 17, 2020—KB4541333 (OS Build 17134.1399)

March 17, 2020—KB4541333 OS Build 17134.1399 Windows 10, version 1803 the April 2018 Update Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update with...

Description of the hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010

Description of the hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010 Introduction This article describes the issues in Microsoft System Center Data Protection Manager DPM 2010 that are fixed in the Data Protection Manager 2010 hotfix rollup package version...

CVE-2020-11868

A flaw was found in the Network Time Protocol NTP, where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon ntpd from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client nt...

CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...