4538 matches found
GSD-2022-1003201 ceph: flush the mdlog for filesystem sync
ceph: flush the mdlog for filesystem sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.47 by commit...
GSD-2022-1002532 ceph: flush the mdlog for filesystem sync
ceph: flush the mdlog for filesystem sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.4 by commit...
Malicious Package
Overview: en-conduit-sync is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
sync-sign.com Cross Site Scripting vulnerability OBB-2663200
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in secrets-sync-action (npm)
Source: ghsa-malware 2ad5dd7927bcd89b1f83ce52eaf883a861ff2178c8f2fad548584c722e3b96ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5993 Malicious code in secrets-sync-action (npm)
Source: ghsa-malware 2ad5dd7927bcd89b1f83ce52eaf883a861ff2178c8f2fad548584c722e3b96ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1927 Malicious code in client-sync (npm)
Source: ghsa-malware 506492c76e62a8122e2c85a6cbc0c4ca74db972b57a2b4876730316766d46673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in client-sync (npm)
Source: ghsa-malware 506492c76e62a8122e2c85a6cbc0c4ca74db972b57a2b4876730316766d46673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4880 Malicious code in node-colors-sync (npm)
Source: ghsa-malware 7126c41016803ec276ddacf0acd45108bf2031e9fe72ea7f21cc81a62c81c4f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-colors-sync (npm)
Source: ghsa-malware 7126c41016803ec276ddacf0acd45108bf2031e9fe72ea7f21cc81a62c81c4f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in colors-sync (npm)
Source: ghsa-malware 181e69463549824214acf0630be127046b968955a046e7f04bcf1c95c1fb2397 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2019 Malicious code in colors-sync (npm)
Source: ghsa-malware 181e69463549824214acf0630be127046b968955a046e7f04bcf1c95c1fb2397 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2022:2144-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: inter-server-sync: Version 0.2.2: Parameter --channel-with-children didn't export data (bsc#1199089); Clean rhnchannelcloned table to rebuild hierarchy (bsc#1197400). Version 0.2.1: Correct sequence in use for table rhnpackagekey (bsc#1197400); Make Docker image expor...
AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
GHSA-3HXH-7JXM-59X4 AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
PT-2025-8629 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.18.0-rc4. Description: A use-after-free issue was found in the Linux kernel, specifically in the tipc_named_reinit function. This issue was identified by syzbot and is related to a deadlock when flushing...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...