UBUNTU-CVE-2022-4662

A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system...

The vulnerability in the driver/driver/video/fbdev/smscufx.c file of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the driver/driver/video/fbdev/smscufx.c file of Linux operating systems is related to the state of the race when a USB device is detected during the call to open. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the imx_register_uart_clocks() function in the drivers/clk/imx/clk.c file of the Linux kernel allows a hacker to cause system failures or gain increased privileges.

The vulnerability of the imxregisteruartclocks function in the drivers/clk/imx/clk.c file of the Linux kernel is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...

CVE-2022-47578

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...

CVE-2022-47577

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...

CVE-2022-47577

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...

CVE-2022-47578

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...

ZOHO ManageEngine Device Control Plus 安全漏洞

ZOHO ManageEngine Device Control Plus is a USB device control software from ZOHO USA. It is used to control, block and monitor all removable devices connected to the computer. A security vulnerability exists in ZOHO ManageEngine Device Control Plus version 10.1.2228.15, which originates from the...

PT-2022-28076 · Zoho · Zoho Manageengine Device Control Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Device Control Plus version 10.1.2228.15 Description: An issue was discovered in the endpoint protection agent, where configuring complete restrictions on USB devices does not prevent bypassing these restrictions by booting...

PT-2022-7140 · Zoho · Zoho Manageengine Device Control Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Device Control Plus version 10.1.2228.15 Description: An issue in the endpoint protection agent of Zoho ManageEngine Device Control Plus allows bypassing USB restrictions by using a virtual machine VM, enabling file exchange...

CVE-2022-26581

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability...

PT-2022-17940 · Pax Technology · Paydroid +1

Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201 Description: The issue allows an unauthorized attacker to perform privileged actions through the execution of specific binaries liste...

PT-2022-17939 · Pax · Pax A930 +1

Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201 Description: The issue allows the execution of specific command injections on selected binaries in the ADB daemon shell service. An...

The vulnerability of the USB 2.0 (EHCI) controller in VMware ESXi, VMware Workstation, and VMware Fusion, as well as in the virtualization platform VMware Cloud Foundation, allows a perpetrator to execute arbitrary code.

The vulnerability of the USB 2.0 EHCI controller in VMware ESXi, VMware Workstation, and VMware Fusion, as well as in the virtualization platform VMware Cloud Foundation, relates to the ability to write beyond the buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary...

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C 6GK5622-2GS00-2AC2 All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 V3.0, SCALANCE WAM763-1 6GK5763-1AL00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 6GK5766-1GE00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 US 6GK5766-1GE00-7DB0 All...

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C 6GK5622-2GS00-2AC2 All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 V3.0, SCALANCE WAM763-1 6GK5763-1AL00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 6GK5766-1GE00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 US 6GK5766-1GE00-7DB0 All...

What’s My Name Again? Reolink camera command injection

TL;DR Research on Reolink’s RLC-520A smart motion detection camera has turned up an authenticated command injection vulnerability. Exploiting this vulnerability with an injected system command can render the device useless. Introduction The camera is vulnerable to an authenticated command injecti...

CVE-2022-46144

CVE-2022-46144 affects Siemens SCALANCE devices (multiple models: SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C, plus W-series variants) where CLI commands are not correctly handled after a user force quits an SSH session. This can leave the CLI via SSH or serial interface irresponsi...

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C 6GK5622-2GS00-2AC2 All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 V3.0, SCALANCE WAM763-1 6GK5763-1AL00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 6GK5766-1GE00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 US 6GK5766-1GE00-7DB0 All...

CVE-2022-3485

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device...