ALSA-2025:0324 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

Rsync contains six vulnerabilities

Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,...

Rclone Installed (Mac OS X)

Binary data rclonemacosinstalled.nbin...

Nextcloud Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from the fact that when a file is blocked by access control, users can still copy an...

Nextcloud Authorization Issues Vulnerability (CNVD-2025-11222)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates when an attacker gains access to a user or administrator session to create, change...

CVE-2024-52510 Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from a malicious user being able to send an incorrectly formatted login link that redirects th...

[SECURITY] Fedora 40 Update: syncthing-1.28.0-1.fc40

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 41 Update: syncthing-1.28.0-1.fc41

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 39 Update: syncthing-1.28.0-1.fc39

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

DEBIAN-CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

DEBIAN-CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

BIT-SYNCTHING-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

DEBIAN-CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfssetitemkeysafe: BTRFS critical device vdb: slot 4 key 450 108 8192 new key 450 108 8192 ------------ cu...

Unspecified Vulnerability in Nextcloud (CNVD-2024-29654)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the fact that a sharing recipient with read and share permissions could reshare the item...

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

Fedora: Security Advisory for syncthing (FEDORA-2024-b93312a597)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: syncthing-1.27.3-1.fc38

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 39 Update: syncthing-1.27.3-1.fc39

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...