dm-raid: really frozen sync_thread during suspend
...
md/dm-raid: don't call md_reap_sync_thread() directly
...
net/mlx5: Fix missing lock on sync reset reload
...
BIT-MATTERMOST-2024-39839
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the...
BIT-MATTERMOST-2024-41926
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...
AZL-49980 CVE-2024-44962 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel ca...
CometBFT's state syncing validator from malicious node may lead to a chain split
Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split Component: CometBFT Criticality: Medium ACMv1.2: I:Moderate; L: Possible Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11 Summary The state sync protocol retrieves a snapshot of the application and...
openSUSE 15 Security Update : opera (openSUSE-SU-2024:0275-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0275-1 advisory. - Update to 113.0.5230.32 DNA-118250 Backport fix for CVE-2024-7971 from Chrome to Opera 113 - Changes in 113.0.5230.31 CHR-9819 Update Chromium on...
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...
Flexense HTTP Server Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...
[SECURITY] Fedora 40 Update: calibre-7.17.0-3.fc40
Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily an ebook cataloging program. It manages your ebook collection for you. It is designed around the...
The vulnerability of the hci_req_syncComplete() function in the Linux operating system’s Bluetooth kernel allows an intruder to trigger a service failure.
The vulnerability of the hci_req_syncComplete() function in the Linux operating system’s Bluetooth kernel relates to the lack of releasing the previous synchronization request state before assigning a reference to the new one. Exploiting this vulnerability can allow an attacker to cause a service...
CVE-2024-43885
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2024-30742 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a double inode unlock for direct IO sync writes in the btrfs file system. When a direct IO sync write is performed at btrfs sync file, and inode logging needs t...
UBUNTU-CVE-2022-48930
In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync()...
SUSE CVE-2022-48880
In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...
CVE-2024-7647
The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...