SUSE-SU-2025:0165-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 - CVE-2024-12087: arbitrary...
Security update for rsync
This update for rsync fixes the following issues: NOTE: This update was retracted due to a buggy security fix. A followup update will be provided. CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even...
GO-2024-3112 CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft
CometBFT's state syncing validator from malicious node may lead to a chain split github.com/cometbft/cometbft...
openSUSE: Security Advisory for roundcubemail(SUSE-RU-2024:2017-1)
The remote host is missing an update for the roundcubemail packages announced via the SUSE-RU-2024:2017-1 advisory. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Git-Syncing into Trouble: Exploring Command Injection Flaws in Kubernetes
...
GO-2024-3028 Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server...
GHSA-56MC-F9W7-2WXQ Mattermost failed to disallow the modification of local users when syncing users in shared channels
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user...
CVE-2024-36492 Existing local user overwritten by malicious remote
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user...
GO-2024-2951 Denial of service when syncing with a malicious peer in github.com/cometbft/cometbft
A malicious peer can cause a syncing node to panic during blocksync. The syncing node may enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. Nodes that are vulnerable to this state may experience a Denial of Service condition in which...
Fedora: Security Advisory for rust-asahi-btsync (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2024-35794
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread...
CVE-2024-27406
In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KTAP version 1 # Subtest: iov_iter # module: kunit_iov_iter 1..9 BUG: failure...
SUSE CVE-2021-47072
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix removed dentries still existing after log is synced When we move one inode from one directory to another and both the inode and its previous parent directory were logged before, we are not supposed to have the dentry f...
Should you allow your browser to remember your passwords?
At Malwarebytes we've been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you're just getting started. Once...
OPENSUSE-SU-2023:0171-1 Security update for nextcloud-desktop
This update for nextcloud-desktop fixes the following issues: Update to 3.8.0 - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local syncfileitem activities ...
CVE-2023-33183
Summary: CVE-2023-33183 affects the Nextcloud Calendar app. An issue disclosed internal website paths when the SMTP server is unavailable, enabling information disclosure. Affected versions (Calendar app): prior to 3.5.5 and prior to 4.2.3. Impact (per sources): exposure of internal paths; limite...