4540 matches found
CVE-2025-29973
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally...
CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability
...
CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability
...
CVE-2025-29973
Azure File Sync Elevation of Privilege (CVE-2025-29973): improper access control allows an authorized local attacker to escalate privileges. Affected product: Microsoft Azure File Sync. CVSS v3.1 base score 7.0 (HIGH). Remediation: patch/update from Microsoft; NCSC confirms fixes have been releas...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...
kernel: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...
kernel: Bluetooth: HCI: Fix potential null-ptr-deref
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...
kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in setpoweredsync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in setpoweredsync+0x3a/0xc0...
kernel: usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
kernel: Bluetooth: Ignore too large handle values in BIG
A vulnerability was found in the Linux kernel's bluetooth subsystem in the function hcilebigsyncestablishedevt where a lack of proper checks does not validate whether a received connection handle exceeds the maximum allowed value. This could lead to system instability or crashes...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
Microsoft Azure File Sync Elevation of Privilege Vulnerability
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally...
Microsoft Azure 访问控制错误漏洞
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Azure. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure...
KLA83574 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Azure File Sync can be exploited remotely to gain privileges. 2. An...
PT-2025-20975 · Microsoft · Azure File Sync
Name of the Vulnerable Software and Affected Versions: Azure File Sync affected versions not specified Description: The issue is related to improper access control in Azure File Sync, which allows an authorized attacker to elevate privileges locally. There is no information provided about the...
CVE-2025-37861
The CVE 2025-37861 pertains to the Linux kernel SCSI MPI3MR driver where the TM thread could process reply queues while the reset thread reinitializes them, causing an access to an invalid queue ID (0xFFFF) and a crash. The fix adds a synchronization flag io_admin_reset_sync. Before a reset, the ...
SUSE CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
DEBIAN-CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...