4643 matches found
AZL-53298 CVE-2024-50255 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk to return not NULL for unknown opcodes. __hci_cmd_sync_sk returns NULL if a command returns a status event. However, it also returns NULL where an opcode...
mptcp: pm: Fix uaf in __timer_delete_sync
...
Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
...
The vulnerability of the hci_enhanced_setup_sync() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the hci_enhanced_setup_sync function in the net/bluetooth/hci_conn.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
CVE-2024-50121
CVE-2024-50121 affects the Linux kernel component nfsd, specifically the race where nfsd_shrinker_work may be cancelled in nfs4_state_shutdown_net without waiting for the shrinker to exit. This can cause warnings and use-after-free scenarios when unhashing and destroying nfsd clients during net s...
kernel: ibmvnic: Add tx check to prevent skb leak
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Whe...
Malicious code in orb-sync-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 66fd78c3bd4a6a0c78fd807883122d9472771728d739f90d169cd1ba62760f3c The OpenSSF Package Analysis project identified 'orb-sync-lib' @ 100.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10268 Malicious code in orb-sync-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 66fd78c3bd4a6a0c78fd807883122d9472771728d739f90d169cd1ba62760f3c The OpenSSF Package Analysis project identified 'orb-sync-lib' @ 100.0.0 npm as malicious. It is considered malicious because: - The package...
Qualys VMDR & Core Apps Revamped: Ultimate Cyber Defense Partnership for Streamlined Vulnerability Management with ITSM
Introducing the Revamped VMDR & Core Apps Qualys has the dynamic duo of ServiceNow Apps – The Qualys Core App and Qualys VMDR App – that help you close the gap between IT and Security teams, making vulnerability management and ticketing workflows seamless and eliminating manual spreadsheet-based...
PT-2024-7401
Name of the Vulnerable Software and Affected Versions: HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673 Description: The issue is related to an OS command injection vulnerability. This vulnerability could allow remote attackers to execute commands. It is reported that over 113,000 instances...
Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100
Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...
Lawo AG vsm LTC Time Sync Path Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG - vsm LTC Time Sync vTimeSync vulnerable version: 4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049...
CVE-2024-48546
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...
SUSE CVE-2024-49966
In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with...
CVE-2024-6049
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
CVE-2024-6049 Unauthenticated Path Traversal
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
CVE-2024-6049
The CVE-2024-6049 issue affects Lawo AG vsm LTC Time Sync (vTimeSync) Web server. A triple-dot path traversal vulnerability allows unauthenticated attackers to download arbitrary OS files via crafted HTTP requests, with exploitation possible only when a file extension is requested (e.g., .exe, .t...
CVE-2024-48546
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...
Lawo AG vsm LTC Time Sync Path Traversal Vulnerability
Lawo vsm LTC Time Sync Lawo vTimeSync is an application from Lawo, Inc. A security vulnerability exists in Lawo AG vsm LTC Time Sync prior to version 4.5.6.0, which stems from the presence of a path traversal vulnerability that could allow an unauthenticated, remote attacker to download arbitrary...
CVE-2024-48546
CVE-2024-48546 affects the Wear Sync mobile app (Wear Sync v1.2.0). The issue is incorrect access control in the firmware update and download processes, allowing an attacker to access sensitive information by inspecting code/data inside the APK. Documented impact is high for confidentiality, inte...