Azure File Sync Agent v18.2 Release – July 2024 (KB5023059)
Update Rollup for Azure File Sync agent version 18.2.0.0. For more details, see the associated Microsoft Knowledge Base article...
Improper Control of Generation of Code ('Code Injection')
Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection'). This is due to a bypass of CVE-2024-27980. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. Note...
USN-6881-1 exim4 vulnerability
It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending...
CVE-2024-3995 Command Injection in Helix ALM
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins...
CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...
The vulnerability of the Microsoft Azure File Sync data synchronization service lies in the improper handling of symbolic links before accessing files. This allows attackers to circumvent existing security restrictions and escalate their privileges.
The vulnerability of the Microsoft Azure File Sync data synchronization service is related to the incorrect resolution of symbolic links before accessing a file. Exploiting this vulnerability can allow an attacker to circumvent existing security restrictions and escalate their privileges...
AZL-67446 CVE-2024-37354 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc. We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe: BTRFS critical device vdb: slot 4 key 450 108 8192 new key 450 108 8192 ------------ cu...
Malicious code in use-sync-external-store-shim (npm)
Malicious code in sync-dsc (npm)
MAL-2024-3075 Malicious code in sync-dsc (npm)
MAL-2024-3034 Malicious code in source-map-sync-tool (npm)
Malicious code in axle-react-native-app-sync-client (npm)
MAL-2024-1793 Malicious code in axle-react-native-app-sync-client (npm)
SUSE CVE-2024-38630
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger. When the cpu5wdt module is removing, the origin code uses del_timer to de-activate the timer. If the timer handler is running, del_timer could not stop it and wil...
SUSE CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj. Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spin_unlock_irqrestore with spin_unlock_irq for both sync_debugfs_show and...
CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj. Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spin_unlock_irqrestore with spin_unlock_irq for both sync_debugfs_show and...
AZL-42819 CVE-2024-38780 affecting package kernel for versions less than 6.6.35.1-4
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj. Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spin_unlock_irqrestore with spin_unlock_irq for both sync_debugfs_show and...
DEBIAN-CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj. Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spin_unlock_irqrestore with spin_unlock_irq for both sync_debugfs_show and...