4537 matches found
ASB-A-203229608
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
Cannot activate Microsoft Pinyin IME in Windows server 2016/2019/2022
Cannot activate Microsoft Pinyin IME in Windows server 2016/2019/2022 VDA if client keyboard layout set “sync only once” mode Following are the details of the error, 1. VDA OS is a Windows server 2016/2019/2022 English version. 2. CWA Windows set the keyboard layout to “Sync only once – when the...
Memory corruption
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered ...
WAVLINK WN535K2 and WN535K3 Operating System Command Injection Vulnerability
The WAVLINK WN535K2 and WAVLINK WN535K3 are both wireless routers from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN535K2 and WN535K3 versions, which stems from certain unknown processing in /cgi-bin/touchlistsync.cgi, where manipulation of IP parameters may resul...
CVE-2022-24688
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...
kernel security, bug fix, and enhancement update
4.18.0-372.16.1.0.16.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...
About CMDB Sync Integration with Qualys CyberSecurity Asset Management
Welcome to the first in a new series of blog posts about Qualys integrations. This first blog in the series covers our integrations as they relate to CMDB Sync, which is a part of Qualys CyberSecurity Asset Management (CSAM) and has two versions. One version is for basic ServiceNow customers who ha...
Exploit for OS Command Injection in Mailcow Mailcow:_Dockerized
Mailcow CVE-2022-31138 RCE and Domain Admin privilege escalat...
CVE-2022-31536
The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Path traversal
The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31536
CVE-2022-31536 affects the repository by jaygarza1982/ytdl-sync up to 2021-01-02, where an unsafe use of Flask’s send_file enables absolute path traversal. Documented impact includes partial confidentiality/partial availability (CVSS v3.1 base score 9.3; network attack, no privileges, no user int...
ytdl-sync Path Traversal Vulnerability
The ytdl-sync repository is a web interface for YTDL by Jake Garza, an individual developer in the United States. A security vulnerability exists in ytdl version 2021-01-02 and earlier, which stems from an incorrect call to Flask's send_file function that results in absolute path traversal...
MAL-2022-6390 Malicious code in sync-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fefcdbe4a5390f1020ae074005addef32fd13333ceb9103df14daa268f805ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sync-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fefcdbe4a5390f1020ae074005addef32fd13333ceb9103df14daa268f805ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OESA-2022-1743 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
The popular protocol for radio controlled (RC) aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. ExpressLRS is an open-source long range radio link for RC applications, such as first-person view (FPV) drones. “Designed to be the best FPV Racing...
GSD-2022-1003201 ceph: flush the mdlog for filesystem sync
ceph: flush the mdlog for filesystem sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.47 by commit...