Lucene search
155 matches found

OpenVAS
added 2023/11/19 12:0 a.m. | 20 views

Fedora: Security Advisory for syncthing (FEDORA-2023-fa2d7b25d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.2 | EPSS 0.03796
Exploits: 0 | References: 2

Fedora
added 2023/11/18 1:39 a.m. | 31 views

[SECURITY] Fedora 39 Update: syncthing-1.26.0-1.fc39

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

CVSS 7.5 | AI score 7.7 | EPSS 0.03796
Exploits: 0

Fedora
added 2023/11/18 1:33 a.m. | 27 views

[SECURITY] Fedora 37 Update: syncthing-1.26.0-1.fc37

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

CVSS 7.5 | AI score 7.7 | EPSS 0.03796
Exploits: 0

Fedora
added 2023/11/18 1:27 a.m. | 20 views

[SECURITY] Fedora 38 Update: syncthing-1.26.0-1.fc38

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

CVSS 7.5 | AI score 7.7 | EPSS 0.03796
Exploits: 0

Fedora
added 2023/06/16 2:15 a.m. | 16 views

[SECURITY] Fedora 37 Update: syncthing-1.23.5-1.fc37

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

CVSS 5.4 | AI score 7 | EPSS 0.00778
Exploits: 1

Tenable Nessus
added 2023/06/16 12:0 a.m. | 13 views

Fedora 38 : syncthing (2023-39eb10ec3c)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-39eb10ec3c advisory. Update to version 1.23.5. Addresses CVE-2022-46165. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CVSS 5.4 | AI score 5.7 | EPSS 0.00778
Exploits: 1 | References: 2

UbuntuCve
added 2023/06/06 6:15 p.m. | 17 views

CVE-2022-46165

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 5.4 | AI score 5.5 | EPSS 0.00778
Exploits: 1 | References: 3

Cvelist
added 2023/06/06 5:59 p.m. | 43 views

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 4.6 | AI score 5.4 | EPSS 0.00778
Exploits: 1 | References: 4

Vulnrichment
added 2023/06/06 5:59 p.m. | 4 views

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 4.6 | AI score 5.8 | EPSS 0.00778
Exploits: 1 | References: 4

CVE
added 2023/06/06 5:59 p.m. | 137 views

CVE-2022-46165

Syncthing (open source file sync) is vulnerable in versions prior to 1.23.5 due to a stored cross-site scripting (XSS) issue in the Web UI when sharing folders. An attacker could abuse shared folders to cause HTML/JavaScript in file names, and, if the user interacts with the UI (e.g., moves the m...

CVSS 5.4 | AI score 4.8 | EPSS 0.00778
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2023/06/06 5:59 p.m. | 12 views

CVE-2022-46165

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 5.4 | AI score 5.3 | EPSS 0.00778
Exploits: 1

NVD
added 2023/05/08 6:15 p.m. | 11 views

CVE-2023-30844

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

CVSS 8.8 | AI score 5.5 | EPSS 0.0074
Exploits: 0 | References: 3

CVE
added 2023/05/08 5:54 p.m. | 62 views

CVE-2023-30844

Mutagen (mutagen and mutagen-compose) before versions 0.16.6/0.17.1 are vulnerable: list and monitor commands can accept control characters from remote endpoints, risking terminal corruption and potential exploitation when syncing with untrusted endpoints or paths. The issue is caused by unneutra...

CVSS 8.8 | AI score 6.5 | EPSS 0.0074
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2023/05/08 5:54 p.m. | 19 views

CVE-2023-30844 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

CVSS 3 | AI score 9 | EPSS 0.0074
Exploits: 0 | References: 5

UbuntuCve
added 2023/04/04 1:15 p.m. | 23 views

CVE-2023-28997

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

CVSS 6.7 | AI score 6.7 | EPSS 0.01113
Exploits: 1 | References: 4

CVE
added 2023/04/04 12:53 p.m. | 70 views

CVE-2023-29000

The CVE-2023-29000 entry affects the Nextcloud Desktop Client. Starting with version 3.0.0 and prior to 3.7.0, the client trusts that the server certificate belongs to the user’s keypair, allowing a malicious server to cause the desktop client to encrypt files with an attacker-known key. The issu...

CVSS 6.5 | AI score 5.6 | EPSS 0.00388
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2023/04/04 12:45 p.m. | 85 views

CVE-2023-28998

The CVE-2023-28998 entry concerns the Nextcloud Desktop Client. Versions from 3.0.0 up to, but not including, 3.6.5 are vulnerable: a malicious server administrator can gain full access to an end-to-end encrypted folder, decrypt files, recover the folder structure, and add new files. Affected sof...

CVSS 6.7 | AI score 6.2 | EPSS 0.00679
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/04/04 12:42 p.m. | 6 views

CVE-2023-28997 Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

CVSS 6.7 | AI score 6.4 | EPSS 0.01113
Exploits: 1 | References: 3

CNNVD
added 2023/02/13 12:0 a.m. | 3 views

Nextcloud Security Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the ability to preview without a watermark...

CVSS 5.3 | AI score 5.6 | EPSS 0.00455
Exploits: 0 | References: 5

Debian CVE
added 2023/02/06 8:23 p.m. | 23 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

CVSS 6.1 | AI score 6.4 | EPSS 0.00657
Exploits: 0