Lucene search
K

58 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:10 a.m.8 views

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

7.8CVSS7.1AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.3 views

PT-2026-1094

Name of the Vulnerable Software and Affected Versions Qfinder Pro Mac versions prior to 7.13.0 Qsync for Mac versions prior to 5.1.5 QVPN Device Client for Mac versions prior to 2.2.8 Description A path traversal issue exists that could allow a local attacker with a user account to read the...

7.3CVSS6.2AI score0.00112EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/16 2:52 p.m.5 views

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

3.1CVSS6.7AI score0.00083EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 3:16 p.m.4 views

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

3.1CVSS0.00083EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 2:25 p.m.9 views

CVE-2025-6026

CVE-2025-6026 concerns Lenovo Universal Device Client (UDC). The issue is improper certificate validation that could allow an attacker capable of intercepting network traffic to access application metadata, including device information, geolocation, and telemetry data. The security details indica...

3.1CVSS6.3AI score0.00083EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.1 views

Lenovo Universal Device Client 安全漏洞

Lenovo Universal Device Client is a universal device client from Lenovo China. A security vulnerability exists in Lenovo Universal Device Client, which stems from improper certificate validation, and could allow a user who intercepts network traffic to obtain encrypted application metadata...

3.1CVSS6.6AI score0.00083EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32096

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00163EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43769

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-27471

Malicious code in bioql PyPI...

5.2CVSS5.1AI score0.00107EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-27470

Malicious code in bioql PyPI...

6.7CVSS5.1AI score0.00154EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58579

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/16 4:11 p.m.4 views

CVE-2023-53307 rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

0.0015EPSS
Exploits0References8
OSV
OSV
added 2025/05/26 6:9 a.m.4 views

MAL-2025-4564 Malicious code in iot-sdk-device-client-rest-api (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7292c16917957be9e3511b347ab46a5b84d68d182f759d96859e22b934d013f Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.9 views

CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...

5.2CVSS6.1AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.17 views

CVE-2023-6338

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client UDC that could allow an attacker with local access to execute code with elevated privileges...

7.8CVSS7.4AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:44 a.m.10 views

CVE-2023-3078

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client UDC that could allow an attacker with local access to execute code with elevated privileges...

7.8CVSS7.1AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:38 a.m.6 views

CVE-2023-23370

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...

6.7CVSS6.5AI score0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/07 4:13 p.m.18 views

CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro

A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...

8.6CVSS0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/07 4:13 p.m.7 views

CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro

A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...

8.6CVSS7.2AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2025/03/07 4:13 p.m.50 views

CVE-2024-53694

The CVE-2024-53694 issue is a TOCTOU race condition affecting QNAP products: QVPN Device Client for Mac, Qsync for Mac, and Qfinder Pro Mac. The vulnerability could allow local attackers with user access to access otherwise unauthorized resources. Mitigation/fix: patches are available in QVPN Dev...

8.6CVSS7.2AI score0.00118EPSS
Exploits0References1
Rows per page
Query Builder