Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46165 | 1 Syncthing | 1 Syncthing | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HT ...
Show More |
|||||
| CVE-2021-21404 | 1 Syncthing | 1 Syncthing | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which po ...
Show More |
|||||
| CVE-2017-1000420 | 1 Syncthing | 1 Syncthing | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
|
|||||