4531 matches found
CVE-2020-1434
CVE-2020-1434: Windows Sync Host Service Elevation of Privilege. CNVD-2020-52919 confirms an in-memory handling flaw in Windows Sync Host Service, enabling a local attacker to execute code with elevated privileges by running a specially crafted application. No exploit details or patch/remediation...
CVE-2020-1434
An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'...
Windows Sync Host Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. To...
Storage Plan Stuck in "Resetting" State
Challenge After Undoing a Halted Storage Plan or Resetting a Halted Storage Plan, the plan enters the "Resetting" state and cannot switch to another state. Cause If you have a large infrastructure or encounter any internal issues within the Veeam ONE database, the undo or reset operation may not...
Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
ASUS Aura Sync 1.07.71 CVE-2019-17603 - Privilege Escalation
ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit. // CVE-2019-17603: ASUS Aura Sync 1.07.71 'ene.sys' EoP Kernel Exploit // Discovered by @dhn // Author of PoC: Connor McGarr @33y0re - https://connormcgarr.github.io // Windows 10 RS1 Version 10.0.14393 Build 14393 //...
ASUS Aura Sync 1.07.71 Privilege Escalation Exploit
// CVE-2019-17603: ASUS Aura Sync 1.07.71 'ene.sys' EoP Kernel Exploit // Discovered by @dhn // Author of PoC: Connor McGarr @33y0re - https://connormcgarr.github.io // Windows 10 RS1 Version 10.0.14393 Build 14393 // Tested with VBS, HyperGuard, and PatchGuard disabled include include include //...
Acronis: Account Takeover on unverified emails in File Sync & Share
Summary The name change functionality in File Sync & Share is expected to change the name in File Sync & Share. But the API endpoint used in it also allows changing email to any email without having to verify the email. The login email stays the same but the email within File Sync & Share...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...
Sync Breeze Enterprise Denial of Service Vulnerability
Sync Breeze Enterprise is a file synchronization utility that allows you to synchronize and manage the disk files of your networked computers, mainly used to categorize, save and manage files. A denial of service vulnerability exists in Sync Breeze Enterprise. An attacker can exploit the...
Facebook: Facebook - Reputation Sync For #267890541047618
This bug was reported directly to Facebook...
Description of the security update for SharePoint Enterprise Server 2016: June 9, 2020
Description of the security update for SharePoint Enterprise Server 2016: June 9, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see t...
Couchbase Sync Gateway and Couchbase Server Denial of Service Vulnerabilities
Couchbase Sync Gateway and Couchbase Server are both products of Couchbase Inc. Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web.Couchbase Server is a distributed open source Couchbase Server is a distributed open-source NoSQL non-relational...
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...
Design/Logic Flaw
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...
CVE-2020-9041
The CVE-2020-9041 vulnerability affects Couchbase Server 6.0.3 and Couchbase Sync Gateway up to 2.7.0. The cluster management, views, query, and full-text search endpoints are vulnerable to a Slowloris denial-of-service attack due to insufficient termination of slow connections. Impact is Denial ...
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...
Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)
A directory traversal vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in DataEngine Xnode Server application...
Release information for Veeam Backup for Microsoft 365 4c
NOTE A cumulative patch is now available, click here for more information Veeam Backup for Microsoft 365 4c cumulative patch KB4099. IMPORTANT The GA build of Veeam Backup for Microsoft 365 version 4c build 4.0.1.519 was recalled due to a backup sync issue identified by Veeam quality assurance. I...