CVE-2020-12655

CVE-2020-12655 affects the Linux kernel’s XFS code path: specifically, xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c up to version 5.6.10. The issue allows an attacker to trigger a sync of excessive duration when processing a crafted XFS v5 image, potentially causing denial of service through prolo...

CVE-2020-5876

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address...

CVE-2020-5876

The CVE-2020-5876 issue affects BIG-IP mcpd and related components due to a race condition that can cause unencrypted config sync attempts when changing peer ConfigSync IPs, adding peers, or TMM startup. Vulnerable versions include BIG-IP 15.0.0–15.0.1, 14.0.0–14.1.2, 13.1.0–13.1.3, 12.1.0–12.1.5...

CVE-2020-5876

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address...

The vulnerability of the SyncImageSettings function in the console-based ImageMagick graphics editor allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SyncImageSettings function MagickCore/image.c in the ImageMagick console-based graphics editor involves the use of an uninitialized value. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protecte...

Keyboard and Language (IME) Does Not Sync from Local to VDA

When the user configures Receiver for Windows Advanced Preferences Keyboard and Language Bar Set "Keyboard" to Yes; Manual switch from "Chinese" to "English" or user "Ctrl + Shift" to switch input Keyboard and Language does not sync from local to VDA...

Azure File Sync Agent v10 Release – April 2020

Azure File Sync Agent v10 Release – April 2020 Introduction This article describes the improvements and issues that are fixed in the Azure File Sync Agent v10 release that is dated March 2020. Additionally, this article contains installation instructions for the update. Improvements and issues th...

March 17, 2020—KB4541331 (OS Build 17763.1131)

March 17, 2020—KB4541331 OS Build 17763.1131 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates an issue that causes an error when printing to a document share. Updates...

Update to enable WSUS support for Windows 10 feature upgrades

Update to enable WSUS support for Windows 10 feature upgrades This article describes an update for Windows Server 2012 R2 and Windows Server 2012. Before you install this update, check the Prerequisites section. About this update This update enables Windows Server Update Services WSUS on a Window...

Update for Work Folders improvements in Windows 7 SP1

Update for Work Folders improvements in Windows 7 SP1 About this update This update ensures that users are able to continue using Work Folders after they upgrade from Windows 7 SP1 to Windows 10. This update must be applied to the client before the upgrade, in order to maintain the sync partnersh...

March 8, 2016, update for PowerPoint 2016 (KB3114847)

March 8, 2016, update for PowerPoint 2016 KB3114847 This article describes update KB3114847 for Microsoft PowerPoint 2016, which was released on March 8, 2016. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based...

CVE-2019-9444

In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...

Azure File Sync Agent v10.0 Release – April 2020 (KB4522409)

Update for Azure File Sync agent version 10.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v10.0 Release – April 2020 (KB4522409)

Update for Azure File Sync agent version 10.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v10.0 Release – April 2020 (KB4522409)

Update for Azure File Sync agent version 10.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

ICU: Integer overflow

Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description It was discovered that ICU’s UnicodeString::doAppend function is vulnerable to an integer overflow. Please review the CVE identifiers referenc...

[SECURITY] [DLA 2141-1] yubikey-val security update

Package : yubikey-val Version : 2.27-1+deb8u1 CVE ID : CVE-2020-10184 CVE-2020-10185 The following CVEs were reported against yubikey-val. CVE-2020-10184 The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a...

D-Link DIR-825 Stack Buffer Overflow Vulnerability

The D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit LAN/WAN router. A stack buffer overflow vulnerability exists in the httpd binary in the D-Link DIR-825 Rev. B 2.10. An attacker can exploit this vulnerability by sending a POST request to ntpsync.cgi with a sufficiently long parameter...

Unspecified Vulnerability in Yubico YubiKey Validation Server

Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A security vulnerability exists in the sync endpoint in YubiKey Validation Server versions prior to 2.40. A remote attacker could exploit the vulnerability to conduct replay attacks using previously used...

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...