4649 matches found
CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM
An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request...
CVE-2025-7699
The CVE-2025-7699 issue affects ADM’s EZ Sync Manager. A lack of authorization checks on the HTTP file parameter allows authenticated users to copy arbitrary server files into their EZSync folder, potentially exposing sensitive data. Affected: ADM 4.1.0–4.3.3.RH61 and ADM 5.0.0.RIN1 and earlier. ...
PT-2025-29718 · Adm · Adm
Name of the Vulnerable Software and Affected Versions: ADM versions 4.1.0 through 4.3.3.RH61 ADM version 5.0.0.RIN1 and earlier Description: An improper access control vulnerability exists in the EZ Sync Manager of ADM. Authenticated users can copy arbitrary files from the server file system into...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a specialized operating system for all ASUSTOR NAS devices from China's Hua Yun Technology ASUSTOR. A security vulnerability exists in ASUSTOR ADM versions 4.1.0 through 4.3.3.RH61 and 5.0.0.RIN1 and earlier, which stems from improper access control of the EZ Sync Manager, and coul...
sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
...
Microsoft Office Outlook Code Execution
This proof-of-concept exploit demonstrates a code execution vulnerability in Microsoft Outlook. It injects a crafted mail item into Outlook containing a malicious sync path that triggers an action during scanning...
CVE-2025-7379
CVE-2025-7379 is a security bypass risk affecting ASUSTOR DataSync Center on ADM, via Reverse Tabnabbing. Affected versions are DataSync Center 1.1.0 up to but not including 1.1.0.r207, and 1.2.0 up to but not including 1.2.0.r206. The root cause is a tab hijacking/phishing vector that could enab...
CVE-2025-38237 media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimcishwchangemode In fimcishwchangemode, the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent...
CVE-2025-38237
CVE-2025-38237 pertains to the Linux kernel, specifically the media: platform: exynos4-is code path. The issue arises in fimc_is_hw_change_mode(), where camera mode changes occur without waiting for hardware completion, risking data corruption or system hangs if subsequent operations race with ha...
Microsoft Outlook - Remote Code Execution (RCE)
Titles: Microsoft Outlook - Remote Code Execution RCE Author: nu11secur1ty Date: 07/06/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/microsoft-365/outlook/log-in Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176...
PT-2025-33776
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free UAF vulnerability in the f2fs sync inode meta function. This issue was identified by syzkaller and results from improper handling of memory,...
SUSE CVE-2025-38114
In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancelworksync to avoid deadlock Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...
SUSE CVE-2025-38119
In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcderrhandlingprepare calls ufshcdrpmgetsync. The latter function can only succeed if UFSHCDEHINPROGRESS is not set because resuming involves submitting a SCSI command and...
SUSE CVE-2025-38128
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...
CLSA-2025-1751538844 libgcrypt: Fix of CVE-2024-2236
Synced to upstream plus ASN.1 patch - Tested on AlmaLinux 9.5 - Fix CVE-2024-2236 RHEL-34579...
AZL-64505 CVE-2025-38105 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned...
UBUNTU-CVE-2025-38128
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...
UBUNTU-CVE-2025-38114
In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancelworksync to avoid deadlock Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...
CVE-2025-38128
Technical details on CVE-2025-38128 are not publicly provided in the connected documents. The advisories reference the vulnerability at a high level but do not expand on affected products, versions, root cause, exploit details, or fixes within this dataset. Monitor for updates.
CVE-2025-38128 Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...