Azure File Sync Agent v19.1 Release – August 2024 (KB5040924)

Update Rollup for Azure File Sync agent version 19.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v19.1 Release – August 2024 (KB5040924)

Update Rollup for Azure File Sync agent version 19.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

GHSA-43F3-H63W-P6F6 Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability

Summary A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is deleted by calling fs.rm. Details - file:...

ROS-20241001-12

QEMU hardware emulator vulnerability is related to synchronization errors. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

[SECURITY] Fedora 41 Update: nextcloud-29.0.6-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 39 Update: nextcloud-29.0.6-2.fc39

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 40 Update: nextcloud-29.0.6-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

dm-raid: really frozen sync_thread during suspend

...

md/dm-raid: don't call md_reap_sync_thread() directly

...

net/mlx5: Fix missing lock on sync reset reload

...

BIT-MATTERMOST-2024-39839

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the...

BIT-MATTERMOST-2024-41926

Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

AZL-49980 CVE-2024-44962 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel ca...

CometBFT's state syncing validator from malicious node may lead to a chain split

Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split Component: CometBFT Criticality: Medium ACMv1.2: I:Moderate; L: Possible Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11 Summary The state sync protocol retrieves a snapshot of the application and...

Azure File Sync Agent v19 Release – September 2024

Azure File Sync Agent v19 Release – September 2024 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v19 release that is dated September 2024. Additionally, this article contains installation instructions for this release. Improvements and issues that...

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0275-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0275-1 advisory. - Update to 113.0.5230.32 DNA-118250 Backport fix for CVE-2024-7971 from Chrome to Opera 113 - Changes in 113.0.5230.31 CHR-9819 Update Chromium on...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...

Flexense HTTP Server Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...

[SECURITY] Fedora 40 Update: calibre-7.17.0-3.fc40

Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily a ebook cataloging program. It manages your ebook collection for you. It is designed around the...

The vulnerability of the hci_req_syncComplete() function in the Linux operating system’s Bluetooth kernel allows a intruder to trigger a service failure.

The vulnerability of the hcireqsyncComplete function in the Linux operating system’s Bluetooth kernel relates to the lack of releasing the previous synchronization request state before assigning a reference to the new one. Exploiting this vulnerability can allow an attacker to cause a service...