gfbgraph: missing TLS certificate verification
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
kernel: mptcp: fix deadlock in __mptcp_push_pending()
A vulnerability was found in the Linux kernel's mptcp component in the __mptcp_push_pending function, where a deadlock can occur when calling mptcp_flush_join_list with the subflow socket lock held. This happens if the synchronization function mptcp_sockopt_sync_all is invoked, causing the system to hang d...
[SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...
Azure File Sync Agent v15.0 Release – March 2022 (KB5003882)
Update for Azure File Sync agent version 15.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
WordPress plugin Videos sync PDF file contains vulnerabilities
WordPress is a blogging platform developed in PHP. The WordPress plugin Videos sync PDF, version 1.7.4 and earlier, has a file inclusion vulnerability. The vulnerability stems from the plugin failing to validate the p parameter before using it in an include statement, an...
CVE-2022-1392
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues...
CVE-2022-1392 Videos sync PDF <= 1.7.4 - Unauthenticated LFI
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues...
CVE-2022-1392
The CVE-2022-1392 entry concerns the WordPress plugin Videos sync PDF, version = 1.7.5 or apply the vendor patch. The connected nuclei/WP exploit references indicate a PoC exists (e.g., WPEX template "Videos sync PDF
WordPress plugin Videos sync PDF path traversal vulnerability
WordPress is a blogging platform developed in PHP. The WordPress plugin Videos sync PDF, version 1.7.4 and earlier, has a file inclusion vulnerability. The vulnerability stems from the plugin failing to validate the p parameter before using it in an include statement, an...
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 2022-04-13 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...
Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check in place when editing a video, and does not escape some of its fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues...
WordPress Videos sync PDF 1.7.4 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...
CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
Race condition
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
CVE-2022-0915 Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privilege escalation
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
CVE-2022-0915
CVE-2022-0915 concerns the Logitech Sync desktop application for Windows prior to 2.4.574. The issue is a TOCTOU race condition during installation that may allow an attacker to escalate privileges to the system user. Affected product: Logitech Sync on Windows (pre-2.4.574). Root cause: race cond...