rpm package
opensuse/syncthing&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/syncthing&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22189 | High | 7.5 | | < 1.27.6-1.1 | 1.27.6-1.1 | Apr 4, 2024 | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame |
| CVE-2022-46165 | — | | | < 1.23.5-1.1 | 1.23.5-1.1 | Jun 6, 2023 | Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared fo |
| CVE-2021-21404 | — | | | < 1.18.2-2.1 | 1.18.2-2.1 | Apr 6, 2021 | Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a |
| CVE-2020-11022 | Medium | 6.9 | | < 2.1.0-1.1 | 2.1.0-1.1 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |