4531 matches found
CVE-2019-3988
CVE-2019-3988 affects the Blink XT2 Sync Module firmware prior to 2.13.11. It is an OS command injection vulnerability caused by improper sanitization of the bssid parameter during Wi‑Fi configuration, enabling remote command execution on the device. Public details from multiple sources confirm t...
CVE-2019-3988
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter...
CVE-2019-3989
The Blink XT2 Sync Module firmware (pre-2.13.11) is affected by CVE-2019-3989, a remote OS command injection due to improper sanitization of internal network data. The vulnerability arises when the device constructs and executes OS commands from external input (notably via get_network()/get_netwo...
PT-2019-15901 · Zoho · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions prior to 13620 Description: The issue allows for remote unauthenticated SQL injection. This is achieved via the eventid parameter to the SyncEventServlet endpoint, specifically targeting the doG...
Amazon's Blink Smart Security Cameras Open to Hijack
Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things IoT cameras not to be confused with the Blink open-source browser engine, consist of a wireless...
Azure File Sync Agent v9.0 Release – November 2019 (KB4522359)
Update for Azure File Sync agent version 9.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v9.0 Release – November 2019 (KB4522359)
Update for Azure File Sync agent version 9.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v9.0 Release – November 2019 (KB4522359)
Update for Azure File Sync agent version 9.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
UBUNTU-CVE-2019-19064
A memory leak in the fsllpspiprobe function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering pmruntimegetsync failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because a...
Azure File Sync Agent v8.0 Release – October 2019 (KB4511224)
Update for Azure File Sync agent version 8.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v8.0 Release – October 2019 (KB4511224)
Update for Azure File Sync agent version 8.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v8.0 Release – October 2019 (KB4511224)
Update for Azure File Sync agent version 8.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
WordPress iThemes Sync plugin <= 2.0.17 - Insufficient Secure Key Validation vulnerability
Insufficient Secure Key Validation vulnerability found in WordPress iThemes Sync plugin versions = 2.0.17. Solution Update the WordPress iThemes Sync plugin to the latest available version at least 2.0.18...
iThemes Sync <= 2.0.17 - Insufficient Secure Key Validation
iThemes Sync allows users to manage multiple websites from a single dashboard. This vulnerability, affecting secret key validation, could lead to full compromise of a WordPress site...
Azure File Sync Agent v8 Release – October 2019
Azure File Sync Agent v8 Release – October 2019 Introduction This article describes the improvements and issues that are fixed in the Azure File Sync Agent v8 release that is dated October 2019. Additionally, this article contains installation instructions for the update. Improvements and issues...
Azure File Sync Agent v7 Release – June 2019
Azure File Sync Agent v7 Release – June 2019 Introduction This article describes the improvements and issues that are fixed in the Azure File Sync Agent v7 release that is dated June 2019. Additionally, this article contains installation instructions for the update. Improvements and issues that a...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:2260-1 Rating: important References: 1109465 1117473 1123482 1124525 1133810 1138688 1140868 1141322 1145665 1149292 1149293 1149294 1149295 1149296 1149297 1149298 1149299 1149302 1149303 1149304 11493...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:2251-1 Rating: important References: 1109465 1117473 1123482 1124525 1133810 1138688 1140868 1141322 1145665 1149292 1149293 1149294 1149295 1149296 1149297 1149298 1149299 1149302 1149303 1149304 11493...
Mozilla: Sandbox escape through Firefox Sync
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
Mozilla: Sandbox escape through Firefox Sync
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...