96 matches found
CVE-2023-4896
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices...
Authentication flaw
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-34392 Missing Authentication for Critical Function
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
ZKTeco BioAccess IVS Information Disclosure Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An information disclosure vulnerability exists in ZKTeco BioAccess IVS, which can be exploited by an attacker to obtain sensitive information about all managed devices...
Microsoft Teams used in phishing campaign to bypass multi-factor authentication
Attackers believed to have ties to Russia's Foreign Intelligence Service SVR are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names...
ZKTeco BioAccess IVS 安全漏洞
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An information disclosure vulnerability exists in ZKTeco BioAccess IVS, which can be exploited by an attacker to obtain sensitive information about all managed devices...
CVE-2023-2587
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting XSS vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
SUSE CVE-2022-2606
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page...
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users...
CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions e.g., install a bundle on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone bu...
CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions e.g., install a bundle on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone bu...
Design/Logic Flaw
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions e.g., install a bundle on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone bu...
CVE-2022-38757 CVE-2022-38757 ZENworks
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions e.g., install a bundle on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone bu...
Micro Focus ZENworks 安全漏洞
Micro Focus ZENworks is a suite of software products for computer systems management from Micro Focus UK. Designed to manage the entire lifecycle of servers, desktop PCs Windows, Linux, or Mac, laptops, and handheld devices such as Android and iOS phones and tablets. A security vulnerability exis...
PT-2022-24555 · Micro Focus · Micro Focus Zenworks
Name of the Vulnerable Software and Affected Versions: Micro Focus ZENworks versions 2020 Update 3a and prior Description: A vulnerability has been identified that allows administrators with rights to perform actions, such as installing a bundle, on a set of managed devices, to exercise these...
Design/Logic Flaw
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control SD-AVC on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10092-1 Rating: important References: 1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612...
CVE-2022-2606
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2022-2606
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page...