SUSE CVE-2021-3571
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...
SUSE CVE-2021-39260
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G 2021.8.22...
SUSE CVE-2021-39359
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
SUSE CVE-2021-39358
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
SUSE CVE-2021-43820
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether th...
SUSE-SU-2023:0345-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: cobbler: - Improve Cobbler performance with item cache and threadpool bsc1205489 - Skip collections that are inconsistent instead of crashing bsc1205749 - Add new 'cobbler-tests-containers' subpackage which contains setup and configuration files to run...
Brave Android 1.48.160 Security Fixes
Added the ability to delete a Brave Sync chain. - Added ability to enable Safe Browsing via brave://flags. - Fixed EIP712Domain data not being displayed in Brave Wallet when signing messages as reported on HackerOne by julianor. Upgraded Chromium to 110.0.5481.77 — refer to Google Chrome...
PT-2023-34831 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.89 Description: The issue is related to a missing call to ssam_request_sync_free in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
Azure File Sync Agent v16 Release - January 2023
Azure File Sync Agent v16 Release - January 2023 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v16 release that is dated January 2023. Additionally, this article contains installation instructions for this release. Improvements and issues that are...
CVE-2023-21855
Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2023-1198 · Oracle · Oracle Sales For Handhelds
Name of the Vulnerable Software and Affected Versions: Oracle Sales for Handhelds versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Pocket Outlook Sync PocketPC component of Oracle Sales for Handhelds, part of the Oracle E-Business Suite...
PT-2024-11812 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to a missing call to ssam_request_sync_free in the platform/surface: aggregator component. Although rare, ss...
GHSA-WR3C-G326-486C GitOps Run allows for Kubernetes workload injection
Impact A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthoris...
PT-2025-54088
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's soundwire bus component related to power management runtime (pm_runtime) handling. Specifically, an unbalanced pm_runtime_put call can lead to a usage...
My age+YubiKeys Password Management Solution
Password managers are in the news, and it's the holidays, so it's as good a time as ever to describe my password and secret management setup. It's very much not for everyone, but it's minimal, simple, and has some interesting security properties: even if my laptop were compromised, it would take an...
CVE-2021-4277
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
PT-2022-11682 · Unknown · Fredsmith Utils
Name of the Vulnerable Software and Affected Versions: fredsmith utils affected versions not specified Description: A problematic issue has been found in the processing of the file screenshot sync of the component Filename Handler. The manipulation leads to predictable data from observable state...
CVE-2022-44898
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests...