CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

CVE-2025-67789

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death BSOD on Windows computers by using an IOCTL and an unterminated string...

CVE-2025-67792

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers...

CVE-2025-67789

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...

CVE-2025-67792

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers...

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death BSOD on Windows computers by using an IOCTL and an unterminated string...

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

CVE-2025-67781

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

CVE-2025-67781

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, 24.2.7, and 25.1.5, which stems from a local unprivileged user being able to manipulate a privileged process, potentially leading to...

DriveLock Operations Center 安全漏洞

DriveLock Operations Center is a centralized management console from DriveLock Germany. A security vulnerability exists in DriveLock Operations Center versions prior to 25.1.5 that stems from the presence of a cross-site scripting issue that could lead to a session takeover over the network...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, 24.2.7, and 25.1.5, which stems from an authenticated user being able to retrieve the number of computers of other tenants via the DriveLoc...