4531 matches found
Azure File Sync Agent v10.0 Release – April 2020 (KB4522409)
Update for Azure File Sync agent version 10.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
ICU: Integer overflow
Background: ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description: It was discovered that ICU’s UnicodeString::doAppend function is vulnerable to an integer overflow. Please review the CVE identifiers referenc...
[SECURITY] [DLA 2141-1] yubikey-val security update
Package: yubikey-val; Version: 2.27-1+deb8u1; CVE ID: CVE-2020-10184, CVE-2020-10185. The following CVEs were reported against yubikey-val. CVE-2020-10184: The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a...
Unspecified Vulnerability in Yubico YubiKey Validation Server
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A security vulnerability exists in the sync endpoint in YubiKey Validation Server versions prior to 2.40. A remote attacker could exploit the vulnerability to conduct replay attacks using previously used...
D-Link DIR-825 Stack Buffer Overflow Vulnerability
The D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit LAN/WAN router. A stack buffer overflow vulnerability exists in the httpd binary in the D-Link DIR-825 Rev. B 2.10. An attacker can exploit this vulnerability by sending a POST request to ntpsync.cgi with a sufficiently long parameter...
CVE-2020-10214
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...
CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
Default configuration
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
UBUNTU-CVE-2020-10185
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...
CVE-2020-10185
CVE-2020-10185 affects the YubiKey Validation Server (YubiVal) prior to version 2.40. The vulnerability resides in the sync endpoint, which can be abused by remote attackers to replay previously used one-time passwords. This issue does not affect YubiCloud. The Debian/OSS advisories note fixes im...
CVE-2020-10185
Removed by vendor...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...
pacman command injection vulnerability
pacman is a package manager used in Linux. A command injection vulnerability exists in the 'applydeltas' function in the lib/libalpm/sync.c file in pacman versions prior to 5.2. The vulnerability stems from a network system or product not properly filtering special elements of external input data...
sync.1rx.io Open Redirect vulnerability
Open Bug Bounty ID: OBB-1102774. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Sync Breeze Enterprise 12.4.18 Unquoted Service Path
Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path; Exploit Author: boku; Date: 2020-02-10; Vendor Homepage: http://www.syncbreeze.com; Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv12.4.18.exe; Version: 12.4.18; Tested On: Windows 10...
Sync Breeze Enterprise 12.4.18 - (Sync Breeze Enterprise) Unquoted Service Path Vulnerability
Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path; Exploit Author: boku; Vendor Homepage: http://www.syncbreeze.com; Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv12.4.18.exe; Version: 12.4.18; Tested On: Windows 10 32-bit...
Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path
Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path; Exploit Author: boku; Date: 2020-02-10; Vendor Homepage: http://www.syncbreeze.com; Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv12.4.18.exe; Version: 12.4.18; Tested On: Windows 10...