23 matches found
EUVD-2025-37202
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director CCD users that could allow a privileged user to escalate their privileges...
CVE-2025-36137
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director CCD users that could allow a privileged user to escalate their privileges...
CVE-2025-36137
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director CCD users that could allow a privileged user to escalate their privileges...
CVE-2025-36137 IBM Sterling Connect:Direct for UNIX command execution
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director CCD users that could allow a privileged user to escalate their privileges...
CVE-2025-36137
CVE-2025-36137 affects IBM Sterling Connect:Direct for UNIX (versions 6.2.0.7–6.2.0.9 iFix004; 6.3.0.2–6.3.0.5 iFix002; 6.4.0.0–6.4.0.2 iFix001). The root cause is incorrect permission assignments for maintenance tasks to Control Center Director (CCD) users, which could allow a privileged user to...
PT-2025-44452
Name of the Vulnerable Software and Affected Versions IBM Sterling Connect Direct for Unix versions 6.2.0.7 through 6.2.0.9 iFix004 IBM Sterling Connect Direct for Unix versions 6.3.0.2 through 6.3.0.5 iFix002 IBM Sterling Connect Direct for Unix versions 6.4.0.0 through 6.4.0.2 iFix001 Descripti...
CVE-2025-60858
Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...
EUVD-2025-36541
Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...
CVE-2025-60858
Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...
PT-2025-44192
Name of the Vulnerable Software and Affected Versions Reolink Video Doorbell Wi-Fi DB 566128M5MP W affected versions not specified Description The Reolink Video Doorbell Wi-Fi DB 566128M5MP W stores and transmits Dynamic DNS DDNS credentials in plaintext within its configuration and update script...
CVE-2025-60858
Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...
CVE-2025-60858
CVE-2025-60858 affects Reolink Video Doorbell Wi‑Fi DB_566128M5MP_W. The vulnerability arises from storing and transmitting DDNS credentials in plaintext within the device’s configuration and update scripts, enabling potential interception or extraction of sensitive information. Across connected ...
EUVD-2008-5289
Malware in sbrugna...
EUVD-2008-0308
Malware in sbrugna...
Vulnerability fixed in Ivanti MobileIron Sentry
Ivanti has fixed a vulnerability in MobileIron Sentry. A unauthenticated malicious person with access to the management interface could exploit the vulnerability to use API calls to manipulate the Sentry system and execute commands with administrator privileges. For successful misuse, the malicio...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
Input validation
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet...
Amazon's Blink Smart Security Cameras Open to Hijack
Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things IoT cameras not to be confused with the Blink open-source browser engine, consist of a wireless...