
4531 matches found

exploitpack
added 2020/02/11 12:0 a.m. · 93 views

Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path

Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path · Exploit Author: boku · Date: 2020-02-10 · Vendor Homepage: http://www.syncbreeze.com · Software Link:...

Exploits 0

Positive Technologies
added 2020/02/05 12:0 a.m. · 1 views

PT-2020-1885 · Broadcom +2 · Broadcom Wi-Fi Chips +2

Name of the Vulnerable Software and Affected Versions: Broadcom and Cypress Wi-Fi chips affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in Wi-Fi chipsets from Broadcom. This can allow a remote attacker to gain unauthorize...

CVSS 9 · AI score 7.4 · EPSS 0.54322
Exploits 16 · References 243

OSV
added 2020/01/24 12:0 p.m. · 16 views

RUSTSEC-2020-0062 Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could lead to data corruption since two threa...

CVSS 5.5 · AI score 5.6 · EPSS 0.00054
Exploits 0 · References 3

RustSec
added 2020/01/24 12:0 p.m. · 21 views

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could lead to data corruption since two threa...

CVSS 5.5 · AI score 1.5 · EPSS 0.00054
Exploits 0 · Affected Software 1

OpenVAS
added 2020/01/23 12:0 a.m. · 45 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1007)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.8 · AI score 7.2 · EPSS 0.00022
Exploits 3 · References 2

Samba
added 2020/01/21 12:0 a.m. · 64 views

Replication of ACLs set to inherit down a

Description A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made. For example: - if a user or group was previously delegated the right to create or modify a subtree say to allow desktop suppor...

CVSS 5.5 · AI score 6.2 · EPSS 0.03503
Exploits 0

NVD
added 2020/01/08 10:15 p.m. · 18 views

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

CVSS 9.3 · AI score 8.7 · EPSS 0.00281
Exploits 0 · References 5

OSV
added 2020/01/08 10:15 p.m. · 5 views

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

CVSS 9.3 · AI score 8.6
Exploits 0 · References 5

OSV
added 2020/01/08 10:15 p.m. · 1 views

DEBIAN-CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

CVSS 9.3 · AI score 7 · EPSS 0.00281
Exploits 0 · References 1

Cvelist
added 2020/01/08 9:41 p.m. · 15 views

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

AI score 8.8 · EPSS 0.00281
Exploits 0 · References 5

CVE
added 2020/01/08 9:41 p.m. · 275 views

CVE-2019-9812

CVE-2019-9812 describes a sandbox-escape in Mozilla Firefox/Firefox ESR: by loading accounts.firefox.com in a compromised sandboxed content process and auto-logging into a malicious Firefox Sync account, the adversary could cause sandbox-disabled preferences to be written to the local machine and...

CVSS 9.3 · AI score 8.6 · EPSS 0.00281
Exploits 0 · References 5 · Affected Software 1

CNVD
added 2020/01/02 12:0 a.m. · 1 views

Blink XT2 Sync Module Command Injection Vulnerability

The Blink XT2 is an indoor/outdoor smart security camera and the Sync Module is the included synchronization module. A command injection vulnerability exists in the Blink XT2 Sync Module firmware prior to version 2.13.11, which can be exploited by remote attackers to execute arbitrary commands on...

CVSS 10 · AI score 8.3 · EPSS 0.03317
Exploits 1 · References 1

OSV
added 2019/12/31 6:15 p.m. · 1 views

CVE-2019-3984

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet...

CVSS 9.8 · AI score 7.6
Exploits 0 · References 1

NVD
added 2019/12/31 6:15 p.m. · 11 views

CVE-2019-3984

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet...

CVSS 10 · AI score 9.8 · EPSS 0.03317
Exploits 1 · References 1

Prion
added 2019/12/31 6:15 p.m. · 13 views

Input validation

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet...

CVSS 10 · AI score 9.7 · EPSS 0.03317
Exploits 1 · References 1 · Affected Software 1

CVE
added 2019/12/31 5:45 p.m. · 45 views

CVE-2019-3984

CVE-2019-3984 affects Blink XT2 Sync Module firmware prior to 2.13.11. The issue arises from improperly sanitized input in update scripts fetched from the internet, allowing remote attackers to execute arbitrary commands on the device. Reported in multiple sources (NVD, Red Hat, CNVD, CVE listing...

CVSS 10 · AI score 9.7 · EPSS 0.03317
Exploits 1 · References 1 · Affected Software 1

OSV
added 2019/12/20 3:15 p.m. · 2 views

DEBIAN-CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function...

CVSS 7.5 · AI score 7.3 · EPSS 0.0039
Exploits 0 · References 1

OSV
added 2019/12/20 3:15 p.m. · 1 views

UBUNTU-CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function...

CVSS 7.5 · AI score 5.8 · EPSS 0.0039
Exploits 0 · References 3

OSV
added 2019/12/17 6:15 a.m. · 0 views

UBUNTU-CVE-2019-19813

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in...

CVSS 5.5 · AI score 6.6 · EPSS 0.01247
Exploits 1 · References 6

Microsoft KB
added 2019/12/14 12:0 a.m. · 22 views

Update Rollup for Azure File Sync Agent – December 2019

Update Rollup for Azure File Sync Agent – December 2019 Introduction This article describes the issues that are fixed in the Update Rollup for Azure File Sync Agent that is dated December 2019. Additionally, this article contains installation instructions for the update. Improvements and issues...

AI score 7.1
Exploits 0