CVE-2018-20161

A design flaw in the BlinkForHome aka Blink For Home Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips triggered by the motion sensor are not saved if the attacker's traffic such as Dot11Deauth successfully disconnects the Sync Module from the...

CVE-2018-20161

A design flaw in the BlinkForHome aka Blink For Home Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips triggered by the motion sensor are not saved if the attacker's traffic such as Dot11Deauth successfully disconnects the Sync Module from the...

CVE-2018-20161

CVE-2018-20161 concerns the BlinkForHome Sync Module (2.10.4 and earlier). The vulnerability is a design flaw that allows an attacker to disable cameras via Wi‑Fi because incident clips tied to motion-sensor events aren’t saved if the attacker’s traffic (e.g., Dot11Deauth) disconnects the Sync Mo...

Update rollup for Azure File Sync Agent: December 2018

Update rollup for Azure File Sync Agent: December 2018 Introduction This article describes the improvements and issues that are fixed in the update for the Azure File Sync Agent that's dated December 2018. Additionally, this article contains installation instructions for this release. Improvement...

5aces-service-registry (=1.0.1), 5aces-service-root (>=1.0.1 <=1.0.3) +965 more potentially affected by CVE-2017-16024 via sync-exec (>=0.3.2 <=0.6.2)

sync-exec NPM version =0.3.2, =1.0.1, =3.0.0, =3.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.5, =2.3.5, =0.1.12-alpha.0, =0.1.16 and more Source cves: CVE-2017-16024 Source advisory: OSV:GHSA-38H8-X697-GH8Q...

Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

GHSA-38H8-X697-GH8Q Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)

A remote code execution exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

SUSE SLES12 Security Update : smt (SUSE-SU-2018:3467-1)

SMT was updated to version 3.0.38. Following security issue was fixed : CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup bsc1104076 Following non security issues were fixed: Add migration path check when registration sharing is enabled Fix sibling sync...

sync-tm.everesttech.net Open Redirect vulnerability

Open Bug Bounty ID: OBB-687925 Description| Value ---|--- Affected Website:| sync-tm.everesttech.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| hidden...

Profile sync issues with Mozilla Firefox after logoff and login.

Mozilla Firefox settings such as bookmarks not getting saved after logoff and login. With Internet Explorer there is no issue, however it does not work with Mozilla...

Android App Verification Issues Pave Way For Phishing Attacks

A design issue in the way some popular password manager tools verify legitimate Android apps could be harnessed to help attackers launch successful phishing attacks on users. Researchers with the University of Genoa and Eurecom inspected popular mobile password tools that sync with Android...

CVE-2018-17538

Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

Design/Logic Flaw

DISPUTED Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

CVE-2018-17538

Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

CVE-2018-17538

Axon Evidence Sync 3.15.89 is described as vulnerable to process injection. The PT-2018-14047 entry notes the vendor disputes the vulnerability’s existence and that no fix/version is publicly documented in the provided sources. No remediation details are available in the connected documents; expl...

CVE-2018-17538

Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

PT-2018-14047 · Axon · Axon Evidence Sync

Name of the Vulnerable Software and Affected Versions: Axon Evidence Sync version 3.15.89 Description: The issue concerns process injection. The vendor disputes the existence of this vulnerability, stating that the associated information does not support any finding of a vulnerability...

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...

PT-2018-16310 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: An issue exists in the remote servers of Samsung SmartThings Hub where the hubCore process listens on port 39500 and relays unauthenticated messages. The servers incorrectly...