4614 matches found
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
DEBIAN-CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
CVE-2019-9812
CVE-2019-9812 describes a sandbox-escape in Mozilla Firefox/Firefox ESR: by loading accounts.firefox.com in a compromised sandboxed content process and auto-logging into a malicious Firefox Sync account, the adversary could cause sandbox-disabled preferences to be written to the local machine and...
Blink XT2 Sync Module Command Injection Vulnerability
The Blink XT2 is an indoor/outdoor smart security camera and the Sync Module is the included synchronization module. A command injection vulnerability exists in the Blink XT2 Sync Module firmware prior to version 2.13.11, which can be exploited by remote attackers to execute arbitrary commands on...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
Input validation
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
CVE-2019-3984
CVE-2019-3984 affects Blink XT2 Sync Module firmware prior to 2.13.11. The issue arises from improperly sanitized input in update scripts fetched from the internet, allowing remote attackers to execute arbitrary commands on the device. Reported in multiple sources (NVD, Red Hat, CNVD, CVE listing...
DEBIAN-CVE-2012-6111
gnome-keyring does not discard stored secrets when using gnomekeyringlockallsync function...
UBUNTU-CVE-2012-6111
gnome-keyring does not discard stored secrets when using gnomekeyringlockallsync function...
UBUNTU-CVE-2019-19813
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in mutexlock in kernel/locking/mutex.c. This is related to mutexcanspinonowner in kernel/locking/mutex.c, btrfsqgroupfreemeta in...
Update Rollup for Azure File Sync Agent – December 2019
Update Rollup for Azure File Sync Agent – December 2019 Introduction This article describes the issues that are fixed in the Update Rollup for Azure File Sync Agent that is dated December 2019. Additionally, this article contains installation instructions for the update. Improvements and issues...
Azure File Sync Agent v9.1 Release – December 2019 (KB4522360)
Update for Azure File Sync agent version 9.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v9.1 Release – December 2019 (KB4522360)
Update for Azure File Sync agent version 9.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v9.1 Release – December 2019 (KB4522360)
Update for Azure File Sync agent version 9.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09705)
Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...
Amazon Blink XT2 Sync Module OS Command Injection Vulnerability
Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...
Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09703)
Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...