4614 matches found

Hacker One
added 2020/06/24 11:47 a.m., 29 views

Acronis: Account Takeover on unverified emails in File Sync & Share

Summary The name change functionality in File Sync & Share is expected to change the name in File Sync & Share. But the API endpoint used in it also allows changing email to any email without having to verify the email. The login email stays the same but the email within File Sync & Share...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2020/06/18 12:00 a.m., 67 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...

CVSS 7.8, AI score 7.7, EPSS 0.05216
Exploits: 3, References: 164

CNVD
added 2020/06/17 12:00 a.m., 1 views

Sync Breeze Enterprise Denial of Service Vulnerability

Sync Breeze Enterprise is a file synchronization utility that allows you to synchronize and manage the disk files of your networked computers, mainly used to categorize, save and manage files. A denial of service vulnerability exists in Sync Breeze Enterprise. An attacker can exploit the...

AI score 6.8
Exploits: 0, References: 1

Hacker One
added 2020/06/11 12:00 p.m., 13 views

Facebook: Facebook - Reputation Sync For #267890541047618

This bug was reported directly to Facebook...

AI score 1.8
Exploits: 0

Microsoft KB
added 2020/06/09 7:00 a.m., 135 views

Description of the security update for SharePoint Enterprise Server 2016: June 9, 2020

Description of the security update for SharePoint Enterprise Server 2016: June 9, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see t...

CVSS 8.8, AI score 6.8, EPSS 0.71028
Exploits: 0

CNVD
added 2020/06/09 12:00 a.m., 8 views

Couchbase Sync Gateway and Couchbase Server Denial of Service Vulnerabilities

Couchbase Sync Gateway and Couchbase Server are both products of Couchbase Inc. Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web. Couchbase Server is a distributed open-source NoSQL non-relational...

CVSS 7.5, AI score 6.7, EPSS 0.01276
Exploits: 0, References: 1

OSV
added 2020/06/08 4:15 p.m., 1 views

CVE-2020-9041

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 1

NVD
added 2020/06/08 4:15 p.m., 17 views

CVE-2020-9041

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...

CVSS 7.5, AI score 7.5, EPSS 0.01276
Exploits: 0, References: 1

Prion
added 2020/06/08 4:15 p.m., 12 views

Design/Logic Flaw

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...

CVSS 5, AI score 7.5, EPSS 0.01276
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2020/06/08 3:21 p.m., 39 views

CVE-2020-9041

The CVE-2020-9041 vulnerability affects Couchbase Server 6.0.3 and Couchbase Sync Gateway up to 2.7.0. The cluster management, views, query, and full-text search endpoints are vulnerable to a Slowloris denial-of-service attack due to insufficient termination of slow connections. Impact is Denial ...

CVSS 7.5, AI score 7.5, EPSS 0.01276
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2020/06/08 3:21 p.m., 21 views

CVE-2020-9041

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections...

AI score 7.6, EPSS 0.01276
Exploits: 0, References: 1

Check Point Advisories
added 2020/06/05 12:00 a.m., 3 views

Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)

A directory traversal vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in DataEngine Xnode Server application...

CVSS 6.5, AI score 1.9, EPSS 0.13655
Exploits: 3

Veeam
added 2020/06/04 12:00 a.m., 13 views

Release information for Veeam Backup for Microsoft 365 4c

NOTE A cumulative patch is now available, click here for more information Veeam Backup for Microsoft 365 4c cumulative patch KB4099. IMPORTANT The GA build of Veeam Backup for Microsoft 365 version 4c build 4.0.1.519 was recalled due to a backup sync issue identified by Veeam quality assurance. I...

AI score 6.2
Exploits: 0

CNVD
added 2020/06/03 12:00 a.m., 1 views

ASUS Aura Sync Buffer Overflow Vulnerability

ASUS Aura Sync is a hardware light synchronization plug-in from Asus Taiwan, China. A security vulnerability exists in the Ene.sys file in ASUS Aura Sync 1.07.71 and earlier versions, which originates from the program failing to properly validate input sent to IOCTL 0x80102044, 0x80102050, and...

CVSS 7.8, AI score 6.7, EPSS 0.0073
Exploits: 5, References: 1

OSV
added 2020/06/02 3:15 p.m., 3 views

CVE-2019-17603

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

CVSS 7.8, AI score 7.1, EPSS 0.0073
Exploits: 5, References: 2

NVD
added 2020/06/02 3:15 p.m., 17 views

CVE-2019-17603

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

CVSS 7.8, AI score 7.4, EPSS 0.0073
Exploits: 5, References: 2

Prion
added 2020/06/02 3:15 p.m., 25 views

Memory corruption

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

CVSS 7.2, AI score 7.4, EPSS 0.0073
Exploits: 5, References: 2, Affected Software: 1

Cvelist
added 2020/06/02 2:47 p.m., 33 views

CVE-2019-17603

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service system crash or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption...

AI score 7.4, EPSS 0.0073
Exploits: 5, References: 2

CVE
added 2020/06/02 2:47 p.m., 104 views

CVE-2019-17603

Affected software: ASUS Aura Sync (Ene.sys) up to version 1.07.71. Vulnerability: IOCTL handling in Ene.sys does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, enabling local users to cause a denial of service (system crash) or gain privileges via crafted kernel addr...

CVSS 7.8, AI score 7.3, EPSS 0.0073
Exploits: 5, References: 2, Affected Software: 1

Microsoft KB
added 2020/06/02 12:00 a.m., 3 views

June 2, 2020, update for OneNote 2016 (KB4484329)

June 2, 2020, update for OneNote 2016 KB4484329 This article describes update 4484329 for Microsoft OneNote 2016 that was released on June 2, 2020. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to t...

AI score 6.3
Exploits: 0