Lucene search

4614 matches found

Microsoft Security Update
added 2021/10/26 8:14 p.m., 15 views

Azure File Sync Agent v14.0 Release – October 2021 (KB5001872)

Update for Azure File Sync agent version 14.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score: 7
Exploits: 0

Microsoft Security Update
added 2021/10/26 8:10 p.m., 6 views

Azure File Sync Agent v14.0 Release – October 2021 (KB5001872)

Update for Azure File Sync agent version 14.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score: 7
Exploits: 0

Microsoft Security Update
added 2021/10/26 8:07 p.m., 12 views

Azure File Sync Agent v14.0 Release – October 2021 (KB5001872)

Update for Azure File Sync agent version 14.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score: 7
Exploits: 0

Microsoft Security Update
added 2021/10/26 8:03 p.m., 8 views

Azure File Sync Agent v14.0 Release – October 2021 (KB5001872)

Update for Azure File Sync agent version 14.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score: 7
Exploits: 0

BDU FSTEC
added 2021/10/21 12:00 a.m., 3 views

The vulnerability of the HBS 3 (Hybrid Backup Sync) backup and disaster recovery application for QTS operating systems, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the HBS 3 Hybrid Backup Sync backup and disaster recovery application for QTS operating systems is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVSS: 10, AI score: 8.1, EPSS: 0.78395
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2021/10/18 12:00 a.m., 2 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress Compact WP Audio Player plugin in versions prior to 1.9.7, which stems from the fact that the web application does not adequatel...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00553
Exploits: 2, References: 2

OSV
added 2021/10/12 11:08 a.m., 5 views

OPENSUSE-SU-2021:3348-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa on a path bsc1188063. - logind: terminate cleanly on SIGTERM/SIGINT bsc1188018. - Adopting BFQ to control I/O jscSLE-21032, bsc1134353. - Rules weren't applied to dm devices multipath bsc1188713. - Ignore...

CVSS: 5.5, AI score: 5.9, EPSS: 0.0865
Exploits: 2, References: 11

Prion
added 2021/10/06 3:15 p.m., 12 views

Out-of-bounds

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10...

CVSS: 4.6, AI score: 7.7, EPSS: 0.00118
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/10/06 2:11 p.m., 23 views

CVE-2021-0684

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10...

AI score: 8, EPSS: 0.00118
Exploits: 0, References: 1

NVD
added 2021/10/04 7:15 p.m., 9 views

CVE-2021-41093

Wire is an open source secure messenger. In affected versions, if an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See...

CVSS: 9.8, EPSS: 0.01443
Exploits: 0, References: 5

CVE
added 2021/10/04 6:15 p.m., 46 views

CVE-2021-41093

CVE-2021-41093 concerns Wire, an open-source secure messenger. Affected: Wire iOS components where an attacker with an old but valid access token could take over the account by changing the user email. Root cause: improper session/token handling that allows account takeover. Impact: high risk (per...

CVSS: 9.8, AI score: 8.6, EPSS: 0.01443
Exploits: 0, References: 5, Affected Software: 1

RedHat Linux
added 2021/09/30 7:06 p.m., 2 views

ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information()

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00392
Exploits: 0, References: 5

Code423n4
added 2021/09/29 12:00 a.m., 9 views

HybridPool._updateReserves Wrong implementation

Handle: WatchPug. Vulnerability details: HybridPool.updateReserves is supposed to update the reserves to the latest bento share amounts. Instead, it uses underlying token amounts. In the getReserves function, reserves are treated as bento share amounts and get converted to underlying token amounts...

AI score: 6.7
Exploits: 0

BDU FSTEC
added 2021/09/20 12:00 a.m., 1 view

The vulnerability of the RSS/Atom/Pie LibGRSS library, related to errors in the authentication process for certificates, allows attackers to compromise the integrity of data.

The vulnerability of the RSS/Atom/Pie LibGRSS library is related to errors in the TLS certificate validation process when loading streams. This occurs due to a standard behavior of the SoupSessionSync library. Exploiting this vulnerability could allow an attacker to compromise the integrity of da...

CVSS: 7.5, AI score: 6.5, EPSS: 0.01469
Exploits: 0, References: 6, Affected Software: 2

Citrix
added 2021/09/10 12:00 a.m., 7 views

"KeyboardLayout=(Server Default)" cannot take effect on Citrix Workspace app for Linux

Use the following way to change the Keyboard Layout sync mode to Server Default. Configure in StoreFront: File Path: C:\inetpub\wwwroot\Citrix%StoreName%\AppData\default.ica. Change setting in WFClient: KeyboardLayout=Server Default. Or configure in CWA for Linux: File path: /.ICAClient/wfclient.ini...

AI score: 7.2
Exploits: 0

CNVD
added 2021/09/08 12:00 a.m., 12 views

Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-71653)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust late-static crate before 0.4.0, which stems from the fact that Sync is implemented with LateStatic's T: Send, causing data contention to occur. No details of the...

CVSS: 7, AI score: 2.1, EPSS: 0.00357
Exploits: 1, References: 1

Code423n4
added 2021/09/07 12:00 a.m., 8 views

Large Validator Sets/Rapid Validator Set Updates May Freeze the Bridge or Relayers

Handle: nascent. Vulnerability details: In a similar vein to "Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms", a sufficiently large validator set or sufficiently rapid validator update could cause both the ethoraclemainloop and relayermainloop to fall into a state of perpetual errors. In...

AI score: 6.7
Exploits: 0

OSV
added 2021/08/26 2:15 a.m., 2 views

CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVSS: 6.1, AI score: 6.5, EPSS: 0.009
Exploits: 0, References: 2

NVD
added 2021/08/26 2:15 a.m., 18 views

CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVSS: 6.1, EPSS: 0.009
Exploits: 0, References: 2

Prion
added 2021/08/26 2:15 a.m., 19 views

Cross site scripting

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVSS: 4.3, AI score: 6, EPSS: 0.009
Exploits: 0, References: 2, Affected Software: 1