Moderate: rsync security and enhancement update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

The vulnerability of the Point to Point Tunneling Protocol (PPTP) network protocol implementation in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Point to Point Tunneling Protocol PPTP network protocol implementation in the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

AlmaLinux 8 : 389-ds:1.4 (ALSA-2022:7133)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7133 advisory. 389-ds-base: SIGSEGV in syncrepl CVE-2022-2850 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessu...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2022-7133)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7133 advisory. 1.4.3.28-8 - Bump version to 1.4.3.28-8 - Resolves: Bug 2131743 - SIGSEGV in syncrepl Tenable has extracted the preceding description block directly from the...

CVE-2022-39355

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...

CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...

ERROR : Dotmim.Sync.SyncException: SQLite Error 14: 'unable to open database file'.

On Broker machine event viewer : Dotmim.Sync.SyncException: SQLite Error 14: 'unable to open database file'. --- Microsoft.Data.Sqlite.SqliteException: SQLite Error 14: 'unable to open database file'. à Microsoft.Data.Sqlite.SqliteException.ThrowExceptionForRCInt32 rc, sqlite3 db à...

CVE-2022-39355

CVE-2022-39355 affects the Discourse Patreon plugin, where an improper authentication flow could allow taking control of a victim’s forum account on sites with Patreon login enabled. The issue is patched in commit 846d012151514b35ce42a1636c7d70f6dcee879e; as a precaution, accounts logged in via u...

CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...

389-ds-base: SIGSEGV in sync_repl

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service...

389-ds-base: SIGSEGV in sync_repl

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service...

The vulnerability of the Bifrost data-synchronization software is related to deficiencies in the authentication process, which allows attackers to elevate their privileges.

The vulnerability of the Bifrost data-synchronization software is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain increased privileges...

CVE-2022-27626

A vulnerability regarding concurrent execution using shared resource with improper synchronization 'Race Condition' is found in the session processing functionality of Out-of-Band OOB Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following...

PT-2022-18532 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 7.1.1-42962-2 Description: A race condition vulnerability exists in the session processing functionality of Out-of-Band OOB Management, allowing remote attackers to execute arbitrary commands...

PT-2022-5928 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A race condition vulnerability has been found in the Linux Kernel, specifically affecting the kcm tx work function in the net/kcm/kcmsock.c file. This issue is caused by synchronizatio...

CVE-2022-2850

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...

CVE-2022-2850

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...

DEBIAN-CVE-2022-2850

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...

CVE-2022-2850

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...

UBUNTU-CVE-2022-2850

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix ...