ntp: off-path denial of service on authenticated broadcast mode

It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer...

The vulnerability of the X Window System graphical server allows a perpetrator to alter file access rights or cause a service failure.

The vulnerability of the LockServer function os/utils.c in the X Window System graphical server arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker acting locally to change file access rights to “444” or to cause a service failure by...

Vivaldi 1.4.589.11 DLL Hijacking

Exploit Title: Vivaldi browser DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage: https://vivaldi.com/ software link: https://downloads.vivaldi.com/stable/Vivaldi.1.4.589.11.exe Tested on:Windows 7 Date: 13-09-2016...

CVE-2016-8504

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile...

Cross site request forgery (csrf)

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile...

MS16-121: Description of the security update for Word 2016: October 11, 2016

MS16-121: Description of the security update for Word 2016: October 11, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

USN-3096-1 ntp vulnerabilities

Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. CVE-2015-7973 Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue ...

Storefront upgrade failing

-In the event viewer windows application logs we get "\CitrixStoreFront-x64.msi failed with error code 1603" -And in CitrixDeliveryServices logs we get " error in retrieving synchronization information " -Checked logs on SF and see that it was unable to stop "Citrix Subscription Store" service...

MS16-107: Description of the security update for Office 2016: September 13, 2016

MS16-107: Description of the security update for Office 2016: September 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microso...

Opera's browser synchronization service hacked, user data and stored passwords leaked-vulnerability warning-the black bar safety net

8 month 2 6 day night, the well-known browser vendor Opera's announcement represents its cloud synchronization service suffered a hacker attack, open a browser synchronization feature of the user will be affected. ! Opera Company of a station for storing the user data synchronization server is...

FreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)

Multiple vulnerabilities have been discovered in the NTP suite : The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. CVE-2016-4957, Reported by Nicolas Edet of Cisco An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to...

MS16-099: Description of the security update for Office 2016: August 9, 2016

MS16-099: Description of the security update for Office 2016: August 9, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

ntp: crypto-NAK preemptable association denial of service

A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time...

ntp: ntpd switching to interleaved mode with spoofed packets

It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively...

ntp: off-path denial of service on authenticated broadcast mode

It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer...

Troubleshoot Issues that Arise When Joining StoreFront Server to a Group

Complete the following steps to troubleshoot issues that arise when joining a StoreFront server to a group. 1. Validate that all machines are on the same version of Storefront. Open the StoreFront MMC Help About Citrix StoreFront Version. 2. Confirm that all StoreFront servers have the same date...

Use-after-free in service workers with nested sync events — Mozilla

Security researcher Looben Yang discovered a use-after-free vulnerability when working with nested sync event loops in Service Workers. He discovered a mechanism where scripts can close their own worker, which will then trigger a synchronization XMLHttpRequest on this now closed and released...

Debian Security Advisory DSA 3629-1 (ntp - security update)

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers. CVE-2015-7977CVE-2015-7978Stephen Gray discovered that a NULL pointer...

[SECURITY] [DSA 3629-1] ntp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3629-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2016 https://www.debian.org/security/faq -...

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability in the ssl/s3clnt.c function of the OpenSSL library arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to trigger a service denial game-of-thrones behavior and subsequent release by using a specially created...