4583 matches found

OSV
added 2024/08/01 3:15 p.m. · 9 views

CVE-2024-41926

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

4.3 CVSS · 4.6 AI score
Exploits 0 · References 1

Cvelist
added 2024/08/01 2:5 p.m. · 18 views

CVE-2024-41926 Malicious remote can claim that a user was synced from another remote

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

2.7 CVSS · 0.00162 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/08/01 2:5 p.m. · 13 views

CVE-2024-41926 Malicious remote can claim that a user was synced from another remote

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

2.7 CVSS · 7.1 AI score · 0.00162 EPSS
Exploits 0 · References 1

CVE
added 2024/08/01 2:5 p.m. · 60 views

CVE-2024-41926

Mattermost server (github.com/mattermost/mattermost-server) is affected by CVE-2024-41926. Versions 9.9.x up to 9.9.0 and 9.5.x up to 9.5.6 fail to validate the source of sync messages, allowing a malicious remote to set arbitrary RemoteId values for synced users and thus claim a user was synced ...

4.3 CVSS · 4.1 AI score · 0.00162 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/08/01 2:5 p.m. · 60 views

CVE-2024-41144

Mattermost vulnerability CVE-2024-41144 affects Mattermost server versions: 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, and 9.8.x

7.1 CVSS · 7.1 AI score · 0.00092 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/08/01 12:0 a.m. · 5 views

PT-2024-29638 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.9.x through 9.9.0. Description: The issue allows a malicious remote to set arbitrary RemoteId values for synced users, which can lead to claiming that a user was synced from another...

5.1 CVSS · 7.4 AI score · 0.00162 EPSS
Exploits 0 · References 12

Positive Technologies
added 2024/08/01 12:0 a.m. · 2 views

PT-2024-28415 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.7.x through 9.7.5; Mattermost versions 9.8.x through 9.8.1; Mattermost versions 9.9.x through 9.9.0. Description: The issue arises from the failure to properly validate that the chann...

9.3 CVSS · 7.4 AI score · 0.00203 EPSS
Exploits 0 · References 9

OSV
added 2024/07/30 8:15 a.m. · 1 views

DEBIAN-CVE-2024-42153

In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync call in isr. When del_timer_sync is called in an interrupt context it throws a warning because of potential deadlock. The timer is used only to exit from wait_for_completion...

5.5 CVSS · 5.3 AI score · 0.00021 EPSS
Exploits 0 · References 1

OSV
added 2024/07/30 8:15 a.m. · 1 views

DEBIAN-CVE-2024-42133

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG. hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup...

5.5 CVSS · 5.3 AI score · 0.00009 EPSS
Exploits 0 · References 1

OSV
added 2024/07/30 8:15 a.m. · 0 views

UBUNTU-CVE-2024-42133

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG. hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup...

5.5 CVSS · 5.7 AI score · 0.00009 EPSS
Exploits 0 · References 16

CNNVD
added 2024/07/30 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the Bluetooth module in hci_le_big_sync_established_evt, which will result in incorrectly releasing the ida if...

5.5 CVSS · 6.6 AI score · 0.00009 EPSS
Exploits 0 · References 4

CNNVD
added 2024/07/30 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a call to del_timer_sync in the interrupt service routine in the i2c:pnx module that could result in a potenti...

5.5 CVSS · 6.4 AI score · 0.00021 EPSS
Exploits 0 · References 9

OSV
added 2024/07/29 3:15 p.m. · 1 views

DEBIAN-CVE-2024-41066

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak. Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Whe...

5.5 CVSS · 5.6 AI score · 0.00028 EPSS
Exploits 0 · References 1

OSV
added 2024/07/29 3:15 p.m. · 1 views

DEBIAN-CVE-2024-41051

In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object. When queuing ondemand_object_worker to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is...

7.8 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 0 · References 1

OSV
added 2024/07/29 3:15 p.m. · 0 views

UBUNTU-CVE-2024-41051

In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object. When queuing ondemand_object_worker to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is...

7.8 CVSS · 6.6 AI score · 0.00019 EPSS
Exploits 0 · References 17

Cvelist
added 2024/07/25 11:45 a.m. · 16 views

CVE-2024-39670

Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability...

6.2 CVSS · 0.00061 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/07/24 12:0 a.m. · 2 views

PT-2024-38056 · F Logic · F-Logic Datacube3

Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0. Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config_time_sync.php. The manipulation of the ntp_server argument leads to os command...

9.8 CVSS · 7.8 AI score · 0.01566 EPSS
Exploits 1 · References 7

Tenable Nessus
added 2024/07/19 12:0 a.m. · 24 views

Security Updates for Azure File Sync Agent (June 2024)

The Microsoft Azure File Sync Agent running on the remote host is 17.0 prior to 17.3 or 18.0 prior to 18.1. It is, therefore, affected by an elevation of privilege vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

4.4 CVSS · 5.5 AI score · 0.00744 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/07/18 12:0 a.m. · 29 views

Oracle Linux 8 / 9 : java-17-openjdk (ELSA-2024-4568)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4568 advisory. 1:17.0.12.0.7-2.0.1 - Add Oracle vendor bug URL 1:17.0.12.0.7-2 - Update to jdk-17.0.12+7 GA - Update .gitignore to ignore openjdk-17.0.12+7.tar.xz...

7.4 CVSS · 6.7 AI score · 0.00977 EPSS
Exploits 0 · References 6

BDU FSTEC
added 2024/07/17 12:0 a.m. · 0 views

The vulnerability of sync services in operating systems such as iPadOS, iOS, and macOS allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of sync services in operating systems such as iPadOS, iOS, and macOS exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...

7.4 CVSS · 0.00013 EPSS
Exploits 0 · References 11 · Affected Software 3