OS Command Injection

dns-sync is vulnerable to OS command injection. A remote attacker is able to inject and execute arbitrary OS command via a malicious URL...

node-dns-sync code injection vulnerability

node-dns-sync is a package that synchronizes/blocks DNS resolution from the American developers of Skoranga Software. A code injection vulnerability exists in node-dns-sync version 0.2.0 and earlier. A remote attacker can exploit this vulnerability to execute code...

Design/Logic Flaw

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

@blitzbank/dashboard (>=0.0.1 <=0.0.2), @bloombox/js-client (=1.1.4) +22 more potentially affected by CVE-2020-11079 via dns-sync (=0.1.3)

dns-sync NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on dns-sync and may be impacted: - @blitzbank/dashboard =0.0.1, =0.1.0, =1.0.2, =1.0.1, =1.0.1, =2.2.37, =0.0.1, =0.2.24, =0.0.1, =1.0.0, =2.0.3 and more Source cves: CVE-2020-110...

Command injection in node-dns-sync

dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input...

CVE-2020-11079

Summary : CVE-2020-11079 affects the npm package node-dns-sync (dns-sync) up to version 0.2.0. The vulnerability allows execution of arbitrary commands via a vulnerable method when driven by untrusted input, potentially leading to remote code execution. A fix is available in version 0.2.1. Affect...

CVE-2020-11079 command injection fix in node-dns-sync

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1592)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's implementation of GRO. This flaw allows an attacker with local access to crash the system.CVE-2020-10720 ...

Azure File Sync Agent v10.0.2 Release – May 2020 (KB4522412)

Update for Azure File Sync agent version 10.0.2.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v10.0.2 Release – May 2020 (KB4522412)

Update for Azure File Sync agent version 10.0.2.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v10.0.2 Release – May 2020 (KB4522412)

Update for Azure File Sync agent version 10.0.2.0. For more details, see the associated Microsoft Knowledge Base article...

Update Rollup for Azure File Sync Agent – May 2020

Update Rollup for Azure File Sync Agent – May 2020 Introduction This article describes the issues that are fixed in the Update Rollup for Azure File Sync Agent that is dated May 2020. Additionally, this article contains installation instructions for the update. Improvements and issues that are...

Directory traversal

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

Linux kernel resource management error vulnerability (CNVD-2020-41818)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the xfsagfverify file in fs/xfs/libxfs/xfsalloc.c in Linux kernel 5.6.10 and earlier. An attacker can exploit this vulnerability to...

CVE-2020-12655

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...

CVE-2020-12655

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...

DEBIAN-CVE-2020-12655

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...

UBUNTU-CVE-2020-12655

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...

Design/Logic Flaw

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...

CVE-2020-12655

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...