451 matches found
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12084: heap buffer overflow in checksum parsing (bsc#1234100). CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass (bsc#1234101). CVE-2024-12086: leak of a client machine's file contents through the...
AZL-55661 CVE-2024-12086 affecting package rsync for versions less than 3.4.1-1
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
Malicious code in client-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b9f11a230f7ff6aa85aa65ed5160eb5e4ebf5dea53582c1feb521964a5472a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-12536
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/clientdata.php. The manipulation of the argument id leads to cross site scripting. Th...
The NAKIVO Backup Solution for MSPs: Data Protection for VMware, Microsoft 365, Proxmox and More
Explore the features of the NAKIVO MSP backup solution. Choose one of the best MSP backup software to…...
SUSE CVE-2024-49871
In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config and then pass the i2c client as argument so that we can call i2c_get_clientdata in order to get our device object. However,...
DEBIAN-CVE-2024-49871
In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config and then pass the i2c client as argument so that we can call i2c_get_clientdata in order to get our device object. However,...
DEBIAN-CVE-2024-44936
In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 "power: supply: rt5033: Use devm_power_supply_register helper" reworked the driver to use devm. While at it, the i2c_set_clientdata was dropped along with the remo...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the incorrect removal of the i2c_set_clientdata callback during refactoring...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
MENDELSON AS4 Security Vulnerability
MENDELSON AS4 is an out-of-the-box B2B document exchange solution from MENDELSON. A security vulnerability exists in versions prior to MENDELSON AS4 2024 B376 that stems from the fact that when a trading partner provides prepared XML data, the file can be written to a computer that is running a...
AEGON LIFE v1.0 Life Insurance Management System - SQL injection Vulnerability
Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON LIFE v1.0 Tested...
Creating Secure CRM Pipelines in Construction: Best Practices and Essential Strategies
Secure your construction company's CRM pipeline to protect client data and streamline operations. A specialized CRM enhances communication, reduces errors, and supports scalable growth with advanced security features and automation tools...
OpenSSL 1.0.0 < 1.0.0b Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.0b. It is, therefore, affected by a vulnerability as referenced in the 1.0.0b advisory. - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are...
CVE-2024-1873
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /select_database endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
CVE-2024-1873
CVE-2024-1873 affects parisneo/lollms-webui (version a9d16b0) via an exposed /select_database endpoint that mishandles file paths when interacting with the DiscussionsDB, enabling path traversal and potential denial of service. Attackers can specify absolute paths to create directories anywhere t...
CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /select_database endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version a9d16b0, which stems from vulnerability to path traversal and denial-of-service attacks, which can lead to server startup failures and client...
GNU Savane Security Vulnerability
GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...
SUSE CVE-2021-47095
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...