58 matches found
CVE-2022-27595
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...
PT-2026-1094
Name of the Vulnerable Software and Affected Versions Qfinder Pro Mac versions prior to 7.13.0 Qsync for Mac versions prior to 5.1.5 QVPN Device Client for Mac versions prior to 2.2.8 Description A path traversal issue exists that could allow a local attacker with a user account to read the...
CVE-2025-6026
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...
CVE-2025-6026
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...
CVE-2025-6026
CVE-2025-6026 concerns Lenovo Universal Device Client (UDC). The issue is improper certificate validation that could allow an attacker capable of intercepting network traffic to access application metadata, including device information, geolocation, and telemetry data. The security details indica...
Lenovo Universal Device Client 安全漏洞
Lenovo Universal Device Client is a universal device client from Lenovo China. A security vulnerability exists in Lenovo Universal Device Client, which stems from improper certificate validation, and could allow a user who intercepts network traffic to obtain encrypted application metadata...
EUVD-2022-32096
Malicious code in bioql PyPI...
EUVD-2023-43769
Malicious code in bioql PyPI...
EUVD-2023-27471
Malicious code in bioql PyPI...
EUVD-2023-27470
Malicious code in bioql PyPI...
EUVD-2023-58579
Malicious code in bioql PyPI...
CVE-2023-53307 rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...
MAL-2025-4564 Malicious code in iot-sdk-device-client-rest-api (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7292c16917957be9e3511b347ab46a5b84d68d182f759d96859e22b934d013f Any computer that has this package installed or running should be considered...
CVE-2023-23371
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...
CVE-2023-6338
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client UDC that could allow an attacker with local access to execute code with elevated privileges...
CVE-2023-3078
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client UDC that could allow an attacker with local access to execute code with elevated privileges...
CVE-2023-23370
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...
CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro
A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...
CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro
A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...
CVE-2024-53694
The CVE-2024-53694 issue is a TOCTOU race condition affecting QNAP products: QVPN Device Client for Mac, Qsync for Mac, and Qfinder Pro Mac. The vulnerability could allow local attackers with user access to access otherwise unauthorized resources. Mitigation/fix: patches are available in QVPN Dev...