4614 matches found

OSV
added 2021/08/04 12:14 a.m. | 10 views

OPENSUSE-SU-2021:1091-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12: fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links; fixed: Folder Pane display theme fixes for macOS; fixed: Chat account settings did not always save as...

CVSS 8.8 | AI score 7.9 | EPSS 0.03582
Exploits: 1 | References: 6
OSV
added 2021/08/03 1:49 a.m. | 11 views

UVI-2021-1001256 dma-buf/sync_file: Don't leak fences on merge failure

dma-buf/sync_file: Don't leak fences on merge failure. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.53 by commit...

AI score 7.2
Exploits: 0
BDU FSTEC
added 2021/08/02 12:00 a.m. | 1 view

The vulnerability of the HBS 3 (Hybrid Backup Sync) application for backup and disaster recovery operations on QNAP’s operating systems, related to authentication procedures that allow unauthorized users to escalate their privileges.

The vulnerability of the HBS 3 Hybrid Backup Sync application for backup and disaster recovery functions on QNAP network storage operating systems is related to deficiencies in the server authentication process of RTSS. Exploiting this vulnerability could allow a malicious actor to gain increased...

CVSS 10 | AI score 7.8 | EPSS 0.15678
Exploits: 0 | References: 8 | Affected Software: 2
RustSec
added 2021/07/25 12:00 p.m. | 19 views

Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex (an alias for SessionId), and entries are never removed from it. SessionId is an integer that increases monotonically with every...

CVSS 7.8 | AI score 1.5 | EPSS 0.01466
Exploits: 0 | Affected Software: 1
OSV
added 2021/07/22 4:08 p.m. | 7 views

OPENSUSE-SU-2021:2458-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12: fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links; fixed: Folder Pane display theme fixes for macOS; fixed: Chat account settings did not always save as...

CVSS 8.8 | AI score 7.9 | EPSS 0.03582
Exploits: 1 | References: 6
OSV
added 2021/07/22 4:08 p.m. | 8 views

SUSE-SU-2021:2458-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12: fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links; fixed: Folder Pane display theme fixes for macOS; fixed: Chat account settings did not always save as...

CVSS 8.8 | AI score 7.9 | EPSS 0.03582
Exploits: 1 | References: 6
Fedora
added 2021/07/22 1:16 a.m. | 35 views

[SECURITY] Fedora 33 Update: nextcloud-19.0.13-1.fc33

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS 8.8 | AI score 6 | EPSS 0.02309
Exploits: 0
RedHat Linux
added 2021/07/21 12:04 a.m. | 2 views

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

CVSS 6.5 | AI score 5.8 | EPSS 0.0121
Exploits: 0 | References: 5
OSV
added 2021/07/17 11:03 a.m. | 4 views

OESA-2021-1267 linuxptp security update

Linuxptp is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel...

CVSS 7.1 | AI score 6.3 | EPSS 0.01895
Exploits: 0 | References: 2
OpenVAS
added 2021/07/11 12:00 a.m. | 19 views

Fedora: Security Advisory for nextcloud (FEDORA-2021-eac0e52f88)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 7.8 | EPSS 0.01739
Exploits: 1 | References: 2
Gentoo Linux
added 2021/07/10 12:00 a.m. | 116 views

runC: Container breakout

Background: runC is a CLI tool for spawning and running containers according to the OCI specification. Description: A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact: An attacker may be able to escalati...

CVSS 8.5 | AI score 8.5 | EPSS 0.06604
Exploits: 0
OSV
added 2021/07/09 11:15 a.m. | 3 views

DEBIAN-CVE-2021-3571

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...

CVSS 7.1 | AI score 7.1 | EPSS 0.01895
Exploits: 0 | References: 1
ATTACKERKB
added 2021/07/09 11:15 a.m. | 3 views

CVE-2021-3571

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...

CVSS 7.1 | AI score 5.6 | EPSS 0.01895
Exploits: 0 | References: 6
Cvelist
added 2021/07/09 10:33 a.m. | 26 views

CVE-2021-3571

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...

AI score 6.8 | EPSS 0.01895
Exploits: 0 | References: 3
Fedora
added 2021/07/09 1:03 a.m. | 63 views

[SECURITY] Fedora 34 Update: nextcloud-20.0.10-1.fc34

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS 9.8 | AI score 6.1 | EPSS 0.01739
Exploits: 3
Microsoft KB
added 2021/07/07 12:00 a.m. | 4 views

August 26, 2021—KB5005103 (OS Build 18363.1766) Preview

August 26, 2021—KB5005103 (OS Build 18363.1766) Preview. NEW 8/24/2021. IMPORTANT: Starting in October 2021, there will no longer be optional, non-security releases known as "C" releases for Windows 10, version 1909. Only cumulative monthly security updates known as the "B" or Update Tuesday release...

AI score 5.4
Exploits: 0
RedhatCVE
added 2021/07/06 3:18 p.m. | 61 views

CVE-2021-3571

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...

CVSS 7.1 | AI score 0.5 | EPSS 0.01895
Exploits: 0 | References: 3
OSV
added 2021/07/05 12:00 a.m. | 1 view

UBUNTU-CVE-2021-3571

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...

CVSS 7.1 | AI score 7.1 | EPSS 0.01895
Exploits: 0 | References: 3
OSV
added 2021/07/02 6:15 p.m. | 2 views

CVE-2021-31874

Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application...

CVSS 5.9 | AI score 6.2 | EPSS 0.04294
Exploits: 1 | References: 2
NVD
added 2021/07/02 6:15 p.m. | 13 views

CVE-2021-31874

Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application...

CVSS 5.9 | EPSS 0.04294
Exploits: 1 | References: 2