YingSheng Wear Sync 安全漏洞

YingSheng Wear Sync is a mobile application for connecting smart devices from YingSheng China. A security vulnerability exists in YingSheng Wear Sync v1.2.0, which stems from incorrect access control during firmware updates and downloads...

PT-2024-33144 · Wear Sync · Wear Sync

Name of the Vulnerable Software and Affected Versions: Wear Sync version 1.2.0 Description: The issue is related to incorrect access control in the firmware update and download processes. This allows attackers to access sensitive information by analyzing the code and data within the APK file...

SUSE CVE-2022-49004

In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAPSTACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...

AZL-51443 CVE-2024-50029 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...

UBUNTU-CVE-2024-50029

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...

UBUNTU-CVE-2022-49004

In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAPSTACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...

CVE-2022-49004

CVE-2022-49004 (Linux kernel) affects riscv architectures. The EFI page table is initially copied from the kernel page table; with VMAP_STACK enabled, kernel stacks allocated in vmalloc may land on a new PGD, causing a trap when switching to the EFI page table and a kernel panic. The fix updates ...

DEBIAN-CVE-2024-49951

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmtindexremoved If mgmtindexremoved is called while there are commands queued on cmdsync it could lead to crashes like the bellow trace: 0x0000053D: listdelentryvalidorreport+0x98/0xdc...

UBUNTU-CVE-2024-49951

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmtindexremoved If mgmtindexremoved is called while there are commands queued on cmdsync it could lead to crashes like the bellow trace: 0x0000053D: listdelentryvalidorreport+0x98/0xdc...

UBUNTU-CVE-2024-49966

In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqisyncwork before freeing oinfo ocfs2globalreadinfo will initialize and schedule dqisyncwork at the end, if error occurs after successfully reading global quota, it will trigger the following warning with...

CentOS 7 : kernel-alt (RHSA-2020:3545)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3545 advisory. - A memory leak in the ipmibmcregister function in drivers/char/ipmi/ipmimsghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a...

Azure File Sync Agent v19.1 Release – August 2024 (KB5040924)

Update Rollup for Azure File Sync agent version 19.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v19.1 Release – August 2024 (KB5040924)

Update Rollup for Azure File Sync agent version 19.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v19.1 Release – August 2024 (KB5040924)

Update Rollup for Azure File Sync agent version 19.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

GHSA-43F3-H63W-P6F6 Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability

Summary A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is deleted by calling fs.rm. Details - file:...

ROS-20241001-12

QEMU hardware emulator vulnerability is related to synchronization errors. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

[SECURITY] Fedora 41 Update: nextcloud-29.0.6-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 39 Update: nextcloud-29.0.6-2.fc39

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 40 Update: nextcloud-29.0.6-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

dm-raid: really frozen sync_thread during suspend

...