23 matches found
EUVD-2020-4802
Malware in sbrugna...
EUVD-2024-19945
Malicious code in bioql PyPI...
EUVD-2023-25663
Malicious code in bioql PyPI...
CVE-2023-21495
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set...
ASB-A-324321147
In rebootRecoveryWithCommand of RecoverySystemService.java, there is a possible way to bypass a factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
Detecting evolving threats: NetSupport RAT campaign
Cisco Talos is actively tracking multiple malware campaigns that utilize NetSupport RAT for persistent infections. These campaigns evade detection through obfuscation and updates. Snort can provide a strong defense before this malware reaches endpoints. In this first Deep Dive with NTDR, we explo...
CVE-2024-22388
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys...
Design/Logic Flaw
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys...
CVE-2024-22388 Insecure Default Initialization of Resource in HID Global
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys...
CVE-2024-22388 Insecure Default Initialization of Resource in HID Global
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys...
CVE-2024-22388
CVE-2024-22388 affects HID Global devices configured as encoders (e.g., iCLASS SE CP1000 Encoder, iCLASS SE Readers/Modules/Processors, OMNIKEY 5427CK/5127CK/5023/5027). Root cause: improper authorization in the encoder communication channel enables exposure of sensitive data when reader configur...
Attacking EFB updates
Software So who actually develops the software installed on Electronic Flight Bags EFBs? The software can originate from a large range of sources: System software developers including the OS, drivers, firmware and utility The aircraft manufacturer for Installed & Portable EFB devices The airline...
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Korenix Technology JetWave products: JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, JetWave 3220 vulnerable version...
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Korenix Technology products: Korenix: JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet...
CVE-2020-12500
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions allows unauthenticated device administration...
Authorization
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions allows unauthenticated device administration...
CVE-2020-12502
CVE-2020-12502 describes an Improper Authorization vulnerability affecting Pepperl+Fuchs P+F Comtrol RocketLinx devices (ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DI...
CVE-2020-12500 Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions allows unauthenticated device administration...
CVE-2020-12500
CVE-2020-12500 describes an improper authorization vulnerability that permits unauthenticated device administration on Pepperl+Fuchs P+F Comtrol RocketLinx models (e.g., ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT) an...
How To Migrate from Device Administration to Android Enterprise
This article discusses considerations and recommendations for migrating from legacy Android device administration to Android Enterprise. Google is deprecating the Android Device Administration API. That API supported enterprise apps on Android devices. Android Enterprise is the modern management...