PT-2025-31263

Name of the Vulnerable Software and Affected Versions Couchbase Sync Gateway versions prior to 3.2.6 Description An issue was discovered where cleartext passwords were present in both redacted and unredacted output within the sgcollect info options.log and sync gateway.log files. Recommendations...

AZL-65723 CVE-2025-38409 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...

DEBIAN-CVE-2025-38409

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...

AZL-73031 CVE-2025-38409 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...

UBUNTU-CVE-2025-38409

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...

SUSE-SU-2025:02475-1 Security update 4.3.16 for Multi-Linux Manager Server

This update fixes the following issues: cobbler: - Prevent crash during Cobbler startup on NFS environments bsc1240666 - Synchronize cobbler add and sync actions bsc1233371 - Exclude disabled profiles from buildiso gen bsc1230908 grafana-formula: - Version 4.3.0: Added SUSE Linux Enterprise Serve...

CVE-2025-7699

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request...

The vulnerability of the Multiplatform Sync Errors component of the Oracle Mobile Field Service management platform, a system for automating business operations within the Oracle E-Business Suite. This component allows attackers to gain access to read, modify, and delete information.

The vulnerability of the Multiplatform Sync Errors component in the Oracle Mobile Field Service management platform, part of the Oracle E-Business Suite enterprise automation system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to...

CVE-2025-7699

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request...

CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request...

CVE-2025-7699

The CVE-2025-7699 issue affects ADM’s EZ Sync Manager. A lack of authorization checks on the HTTP file parameter allows authenticated users to copy arbitrary server files into their EZSync folder, potentially exposing sensitive data. Affected: ADM 4.1.0–4.3.3.RH61 and ADM 5.0.0.RIN1 and earlier. ...

CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request...

PT-2025-29718 · Adm · Adm

Name of the Vulnerable Software and Affected Versions: ADM versions 4.1.0 through 4.3.3.RH61 ADM version 5.0.0.RIN1 and earlier Description: An improper access control vulnerability exists in the EZ Sync Manager of ADM. Authenticated users can copy arbitrary files from the server file system into...

ASUSTOR ADM 安全漏洞

ASUSTOR ADM is a specialized operating system for all ASUSTOR NAS devices from China's Hua Yun Technology ASUSTOR. A security vulnerability exists in ASUSTOR ADM versions 4.1.0 through 4.3.3.RH61 and 5.0.0.RIN1 and earlier, which stems from improper access control of the EZ Sync Manager, and coul...

sound/virtio: Fix cancel_sync warnings on uninitialized work_structs

...

Microsoft Office Outlook Code Execution

This proof-of-concept exploit demonstrates a code execution vulnerability in Microsoft Outlook. It injects a crafted mail item into Outlook containing a malicious sync path that triggers an action during scanning...

CVE-2025-7379

CVE-2025-7379 is a security bypass risk affecting ASUSTOR DataSync Center on ADM, via Reverse Tabnabbing. Affected versions are DataSync Center 1.1.0 up to but not including 1.1.0.r207, and 1.2.0 up to but not including 1.2.0.r206. The root cause is a tab hijacking/phishing vector that could enab...

CVE-2025-38237 media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()

In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimcishwchangemode In fimcishwchangemode, the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent...

CVE-2025-38237

CVE-2025-38237 pertains to the Linux kernel, specifically the media: platform: exynos4-is code path. The issue arises in fimc_is_hw_change_mode(), where camera mode changes occur without waiting for hardware completion, risking data corruption or system hangs if subsequent operations race with ha...

PT-2025-33776

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free UAF vulnerability in the f2fs sync inode meta function. This issue was identified by syzkaller and results from improper handling of memory,...