4531 matches found

CNVD
added 2020/06/03 12:00 a.m., 1 views

ASUS Aura Sync Buffer Overflow Vulnerability

ASUS Aura Sync is a hardware light synchronization plug-in from Asus Taiwan, China. A security vulnerability exists in the Ene.sys file in ASUS Aura Sync 1.07.71 and earlier versions, which originates from the program failing to properly validate input sent to IOCTL 0x80102044, 0x80102050, and...

7.8 CVSS, 6.7 AI score, 0.0022 EPSS
Exploits: 5, References: 1

OSV
added 2020/06/02 3:15 p.m., 1 views

CVE-2019-17603

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

7.8 CVSS, 7.1 AI score
Exploits: 0, References: 2

NVD
added 2020/06/02 3:15 p.m., 13 views

CVE-2019-17603

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

7.8 CVSS, 7.4 AI score, 0.0022 EPSS
Exploits: 5, References: 2

Prion
added 2020/06/02 3:15 p.m., 22 views

Memory corruption

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

7.2 CVSS, 7.4 AI score, 0.0022 EPSS
Exploits: 5, References: 2, Affected Software: 1

CVE
added 2020/06/02 2:47 p.m., 97 views

CVE-2019-17603

Affected software: ASUS Aura Sync (Ene.sys) up to version 1.07.71. Vulnerability: IOCTL handling in Ene.sys does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, enabling local users to cause a denial of service (system crash) or gain privileges via crafted kernel addr...

7.8 CVSS, 7.3 AI score, 0.0022 EPSS
Exploits: 5, References: 2, Affected Software: 1

Cvelist
added 2020/06/02 2:47 p.m., 23 views

CVE-2019-17603

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

7.4 AI score, 0.0022 EPSS
Exploits: 5, References: 2

Microsoft KB
added 2020/06/02 12:00 a.m., 3 views

June 2, 2020, update for OneNote 2016 (KB4484329)

June 2, 2020, update for OneNote 2016 KB4484329 This article describes update 4484329 for Microsoft OneNote 2016 that was released on June 2, 2020. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to t...

6.3 AI score
Exploits: 0

Veracode
added 2020/05/29 2:44 a.m., 17 views

OS Command Injection

dns-sync is vulnerable to OS command injection. A remote attacker is able to inject and execute arbitrary OS command via a malicious URL...

9.8 CVSS, 5.9 AI score, 0.05686 EPSS
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2020/05/29 12:00 a.m., 1 views

node-dns-sync code injection vulnerability

node-dns-sync is a package that synchronizes/blocks DNS resolution from the American developers of Skoranga Software. A code injection vulnerability exists in node-dns-sync version 0.2.0 and earlier. A remote attacker can exploit this vulnerability to execute code...

9.8 CVSS, 7.8 AI score, 0.05686 EPSS
Exploits: 0, References: 1

Prion
added 2020/05/28 7:15 p.m., 13 views

Design/Logic Flaw

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

7.5 CVSS, 9.8 AI score, 0.05686 EPSS
Exploits: 0, References: 2, Affected Software: 1

vulnersOsv
added 2020/05/28 6:42 p.m., 1 views

@blitzbank/dashboard (>=0.0.1 <=0.0.2), @bloombox/js-client (=1.1.4) +22 more potentially affected by CVE-2020-11079 via dns-sync (=0.1.3)

dns-sync NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on dns-sync and may be impacted: - @blitzbank/dashboard =0.0.1, =0.1.0, =1.0.2, =1.0.1, =1.0.1, =2.2.37, =0.0.1, =0.2.24, =0.0.1, =1.0.0, =2.0.3 and more Source cves: CVE-2020-110...

9.8 CVSS, 7.2 AI score, 0.05686 EPSS
Exploits: 0

Github Security Blog
added 2020/05/28 6:42 p.m., 95 views

Command injection in node-dns-sync

dns-sync through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input...

9.8 CVSS, 4.4 AI score, 0.05686 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2020/05/28 6:40 p.m., 111 views

CVE-2020-11079

Summary: CVE-2020-11079 affects the npm package node-dns-sync (dns-sync) up to version 0.2.0. The vulnerability allows execution of arbitrary commands via a vulnerable method when driven by untrusted input, potentially leading to remote code execution. A fix is available in version 0.2.1. Affect...

9.8 CVSS, 9.6 AI score, 0.05686 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/05/28 6:40 p.m., 10 views

CVE-2020-11079 command injection fix in node-dns-sync

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

8.6 CVSS, 9.9 AI score, 0.05686 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2020/05/26 12:00 a.m., 59 views

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1592)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Linux kernel's implementation of GRO. This flaw allows an attacker with local access to crash the system. CVE-2020-10720 ...

7.8 CVSS, 7.3 AI score, 0.05438 EPSS
Exploits: 7, References: 21

Microsoft Security Update
added 2020/05/19 7:51 p.m., 12 views

Azure File Sync Agent v10.0.2 Release – May 2020 (KB4522412)

Update for Azure File Sync agent version 10.0.2.0. For more details, see the associated Microsoft Knowledge Base article...

3.6 AI score
Exploits: 0

Microsoft Security Update
added 2020/05/19 7:45 p.m., 13 views

Azure File Sync Agent v10.0.2 Release – May 2020 (KB4522412)

Update for Azure File Sync agent version 10.0.2.0. For more details, see the associated Microsoft Knowledge Base article...

3.6 AI score
Exploits: 0

Microsoft Security Update
added 2020/05/19 7:39 p.m., 16 views

Azure File Sync Agent v10.0.2 Release – May 2020 (KB4522412)

Update for Azure File Sync agent version 10.0.2.0. For more details, see the associated Microsoft Knowledge Base article...

3.6 AI score
Exploits: 0

Microsoft KB
added 2020/05/19 12:00 a.m., 18 views

Update Rollup for Azure File Sync Agent – May 2020

Update Rollup for Azure File Sync Agent – May 2020 Introduction This article describes the issues that are fixed in the Update Rollup for Azure File Sync Agent that is dated May 2020. Additionally, this article contains installation instructions for the update. Improvements and issues that are...

7.1 AI score
Exploits: 0

Prion
added 2020/05/08 9:15 p.m., 21 views

Directory traversal

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

6.5 CVSS, 8.6 AI score, 0.00826 EPSS
Exploits: 3, References: 3, Affected Software: 2