4537 matches found
Logitech Sync for Windows security vulnerability
Logitech Sync for Windows is a crossover application from Logitech Switzerland. A security vulnerability exists in Logitech Sync for Windows versions prior to 2.4.574, which could be exploited by an attacker to elevate privileges...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress plugin <= 1.3.7 allows an attacker to Sync with Zoom Meetings...
eRoom < 1.3.8 - Sync Meetings via CSRF
The plugin does not have CSRF check in place when syncing meetings, which could allow attackers to make logged in users perform such action via a CSRF attack...
CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.28.0), com.4paradigm.openmldb:openmldb-taskmanager (>=0.4.2 <=0.6.2) +415 more potentially affected by CVE-2022-26612 via org.apache.hadoop:hadoop-common (>=0.22.0 <=2.10.1)
org.apache.hadoop:hadoop-common MAVEN version =0.22.0, =0.18.5, =0.4.2, =2.0.29.2, =0.3.0, =0.3.0, =2.10.6.9, =3.0.0, =3.0.0, =0.24.0, =0.24.0, =0.24.0, =0.24.0, =0.19.3, =0.19.3, =0.26.0 and more Source cves: CVE-2022-26612 Source advisory: OSV:GHSA-GX2C-FVHC-PH4J...
Design/Logic Flaw
Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and...
CVE-2021-35103
CVE-2021-35103 is a Qualcomm/Snapdragon timer synchronization flaw where an improper validation of the number of timer values from firmware allows a local out-of-bounds write. Affected products span Qualcomm Snapdragon families (Auto, Compute, Connectivity, Industrial IOT, Mobile, Wearables, Wire...
Videos sync PDF <= 1.7.4 - Unauthenticated LFI
The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues. PoC: https://example.com/wp-content/plugins/video-synchro-pdf/reglages/MenuPlugins/tout.php?p=LFI...
WordPress Videos sync PDF plugin <= 1.7.4 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Hassan Khan Yusufzai (Splint3r7) in WordPress Videos sync PDF plugin versions <= 1.7.4. Solution: No patched version is available...
Azure File Sync Agent v15 Release – March 2022
Azure File Sync Agent v15 Release – March 2022 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v15 release that is dated March 2022. Additionally, this article contains installation instructions for this release. Improvements and issues that are fixe...
CVE-2021-25068
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard...
CVE-2021-25068
CVE-2021-25068 affects the WordPress plugin “Sync WooCommerce Product feed to Google Shopping” (versions up to 1.2.4). The root cause is improper sanitization of the POST parameter feed_id, which is used in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard. Public e...
Cannot input Simplified/Traditional Chinese or Japanese in Windows server 2019/2022 or Windows 10/11
For Windows Server 2019/2022 English OS or Windows 10/11 as VDA, CWA Windows Client uses Microsoft Pinyin IME to input simplified Chinese, Microsoft Bopomofo IME to input traditional Chinese, or Microsoft Japanese IME to input Japanese, keyboard sync mode is configured as "Sync only once" in...
CVE-2022-26188
TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost...
TotoLink N600R command injection vulnerability
TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R has a command injection vulnerability, which can be exploited by attackers via /setting/NTPSyncWithHost...
PT-2022-2057 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.0.0 and earlier; Argo CD versions 0.8.0 through 0.9.x; Argo CD versions 0.5.0 through 0.7.x. Description: The issue is related to an improper access control bug in Argo CD, allowing a malicious user to potentially escalate the...
PT-2025-8173
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A reference leak issue in the Linux kernel's ASoC rockchip component has been identified. The problem occurs because pm_runtime_get_sync increments the PM usage counter even if it fails,...
PT-2022-17728 · Totolink · Totolink A3100R +5
Name of the Vulnerable Software and Affected Versions: Totolink A830R version 5.9c.4729 B20191112; Totolink A3100R version 4.1.2cu.5050 B20200504; Totolink A950RG version 4.1.2cu.5161 B20200903; Totolink A800R version 4.1.2cu.5137 B20200730; Totolink A3000RU version 5.9c.5185 B20201128; Totolink A810R...
CVE-2022-0659
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross-site scripting
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...