4583 matches found
SUSE CVE-2024-49966
In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with...
CVE-2024-6049
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
CVE-2024-6049
The CVE-2024-6049 issue affects Lawo AG vsm LTC Time Sync (vTimeSync) Web server. A triple-dot path traversal vulnerability allows unauthenticated attackers to download arbitrary OS files via crafted HTTP requests, with exploitation possible only when a file extension is requested (e.g., .exe, .t...
CVE-2024-6049 Unauthenticated Path Traversal
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
CVE-2024-48546
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...
CVE-2024-48546
CVE-2024-48546 affects the Wear Sync mobile app (Wear Sync v1.2.0). The issue is incorrect access control in the firmware update and download processes, allowing an attacker to access sensitive information by inspecting code/data inside the APK. Documented impact is high for confidentiality, inte...
PT-2024-33144 · Wear Sync · Wear Sync
Name of the Vulnerable Software and Affected Versions: Wear Sync version 1.2.0 Description: The issue is related to incorrect access control in the firmware update and download processes. This allows attackers to access sensitive information by analyzing the code and data within the APK file...
YingSheng Wear Sync Security Vulnerability
YingSheng Wear Sync is a mobile application for connecting smart devices from YingSheng China. A security vulnerability exists in YingSheng Wear Sync v1.2.0, which stems from incorrect access control during firmware updates and downloads...
Lawo AG vsm LTC Time Sync Path Traversal Vulnerability
Lawo vsm LTC Time Sync Lawo vTimeSync is an application from Lawo, Inc. A security vulnerability exists in Lawo AG vsm LTC Time Sync prior to version 4.5.6.0, which stems from the presence of a path traversal vulnerability that could allow an unauthenticated, remote attacker to download arbitrary...
SUSE CVE-2022-49004
In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...
AZL-51443 CVE-2024-50029 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following trace: BUG: KASAN:...
UBUNTU-CVE-2022-49004
In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...
UBUNTU-CVE-2024-50029
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following trace: BUG: KASAN:...
CVE-2022-49004
CVE-2022-49004 (Linux kernel) affects riscv architectures. The EFI page table is initially copied from the kernel page table; with VMAP_STACK enabled, kernel stacks allocated in vmalloc may land on a new PGD, causing a trap when switching to the EFI page table and a kernel panic. The fix updates ...
DEBIAN-CVE-2024-49951
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the below trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc...
UBUNTU-CVE-2024-49951
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the below trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc...
UBUNTU-CVE-2024-49966
In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with...
CentOS 7 : kernel-alt (RHSA-2020:3545)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3545 advisory. - A memory leak in the __ipmi_bmc_register function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a...
Azure File Sync Agent v19.1 Release – August 2024 (KB5040924)
Update Rollup for Azure File Sync agent version 19.1.0.0. For more details, see the associated Microsoft Knowledge Base article...