4614 matches found
Azure File Sync Agent v12.1 Release – May 2021 (KB4588751)
Update for Azure File Sync agent version 12.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
CVE-2021-28799 Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...
PT-2021-4456
Name of the Vulnerable Software and Affected Versions: HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; HBS 3 versions prior to v3.0.210412 on QTS 4.3.6; HBS 3 versions prior to v3.0.210411 on QTS 4.3.4; HBS 3 versions prior to v3.0.210411 on QTS 4.3.3; HBS 3 versions prior to v16.0.0419 on QuTS hero...
PT-2024-11352 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to a possible use-after-free in the nicstar cleanup function. The problem arises because the del timer function does not wait for the timer handler to finish, whic...
GHSA-F8FH-8RGM-227H OS Command Injection in node-prompt-here
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...
Authorization Bypass
grafana is vulnerable to authorization bypass. The team sync HTTP API allows any authenticated user to add external groups to existing teams. This vulnerability can be abused to grant a user team arbitrary permissions...
GHSA-72RJ-36QC-47G7 Pgsync Contains Cleartext Transmission of Sensitive Information
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used...
CVE-2021-31671
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used...
pgsync Security Vulnerability
pgsync is an open source application that synchronizes data from one Postgres database to another. A security vulnerability exists in versions prior to pgsync 0.6.7, which stems from being affected by the disclosure of sensitive information...
Connection security vulnerability with schema sync
pgsync drops connection parameters when syncing the schema with the --schema-first and --schema-only options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected. pgsync drops connection...
[SECURITY] Fedora 33 Update: nextcloud-client-3.1.3-1.fc33
Nextcloud-client enables you to connect to your private Nextcloud Server. With it you can create folders in your home directory, and keep the contents of those folders synced with your Nextcloud server. Simply copy a file into the directory and the Nextcloud Client does the rest...
Nextcloud: Trusted server shared secret stored unencrypted in the database
The attack vector here is that somebody gets their hands on your database. When two servers have added each other as trusted servers, they exchange a shared secret token. With this token they can sync down each other's user lists. However, it seems that this token is stored in plain text in the...
PT-2024-11070 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists between a task aborting a transaction during a commit, a task doing an fsync, and the transaction kthread, leading to a use-after-free of the log root tree. Thi...
openSUSE: Security Advisory for cobbler (openSUSE-SU-2021:0046-1)
The remote host is missing an update for the...
Azure File Sync Agent v11.3 Release – April 2021 (KB4539953)
Update for Azure File Sync agent version 11.3.0.0. For more details, see the associated Microsoft Knowledge Base article...
RUSTSEC-2021-0113 AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
PT-2021-7757 · Red Hat +6 · 389 Directory Server +7
Name of the Vulnerable Software and Affected Versions: 389 Directory Server, affected versions not specified. Description: The issue is related to a NULL pointer dereference error. An authenticated attacker can cause a crash by using a specially crafted query with a sync repl client in...