624 matches found
CVE-2023-20044
A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A...
CVE-2020-12069
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device...
Unspecified Vulnerability in ZOHO ManageEngine Device Control Plus (CNVD-2023-00006)
ZOHO ManageEngine Device Control Plus is a USB device control software from ZOHO USA. It is used to control, block and monitor all removable devices connected to the computer. A security vulnerability exists in ZOHO ManageEngine Device Control Plus version 10.1.2228.15, which originates from the...
Unspecified Vulnerability in ZOHO ManageEngine Device Control Plus
ZOHO ManageEngine Device Control Plus is a USB device control software from ZOHO USA. It is used to control, block and monitor all removable devices connected to the computer. A security vulnerability exists in ZOHO ManageEngine Device Control Plus version 10.1.2228.15 that originates from the...
CVE-2020-12069 CODESYS V3 prone to Inadequate Password Hashing
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device...
CVE-2022-47578
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...
CVE-2022-47577
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...
CVE-2022-47577
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...
CVE-2022-47578
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...
CVE-2022-47577
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...
PT-2022-28076 · Zoho · Zoho Manageengine Device Control Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Device Control Plus version 10.1.2228.15 Description: An issue was discovered in the endpoint protection agent, where configuring complete restrictions on USB devices does not prevent bypassing these restrictions by booting...
ZOHO ManageEngine Device Control Plus 安全漏洞
ZOHO ManageEngine Device Control Plus is a USB device control software from ZOHO USA. It is used to control, block and monitor all removable devices connected to the computer. A security vulnerability exists in ZOHO ManageEngine Device Control Plus version 10.1.2228.15 that originates from the...
ZOHO ManageEngine Device Control Plus 安全漏洞
ZOHO ManageEngine Device Control Plus is a USB device control software from ZOHO USA. It is used to control, block and monitor all removable devices connected to the computer. A security vulnerability exists in ZOHO ManageEngine Device Control Plus version 10.1.2228.15, which originates from the...
CVE-2022-47577
CVE-2022-47577 affects Zoho ManageEngine Device Control Plus 10.1.2228.15 (endpoint protection agent). The issue allows bypassing USB restrictions by using a virtual machine (VM), enabling file exchange outside the system and exfiltration without Windows audit records. VMs can be created by any u...
CVE-2022-47578
CVE-2022-47578 affects Zoho ManageEngine Device Control Plus version 10.1.2228.15. The issue is that USB restrictions described as complete (pendrives, USB HDDs, memory cards, USB to mobile devices) can be bypassed by booting into Safe Mode, allowing potential data exfiltration or malware introdu...
CVE-2022-47577
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...
PT-2022-7140 · Zoho · Zoho Manageengine Device Control Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Device Control Plus version 10.1.2228.15 Description: An issue in the endpoint protection agent of Zoho ManageEngine Device Control Plus allows bypassing USB restrictions by using a virtual machine VM, enabling file exchange...
PT-2022-35478 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to a hung condition when a signal interrupts the nbd start device ioctl function. The actual impact and potential for attack have not been proven yet. Recommendations:...
AZL-11079 CVE-2022-41848 affecting package kernel for versions less than 5.15.122.1-2
drivers/char/pcmcia/synclinkcs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpcioctl and mgslpcdetach...
CVE-2022-28814
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device...