Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
endpoint encryption vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2013-5636
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate malicious users to bypass the device-locking protection mechanism by overwriting DVREM...
Checkpoint Endpoint Security E80.40
Checkpoint Endpoint Security E80.41
Checkpoint Endpoint Security E80.50
Checkpoint Endpoint Security E80
Checkpoint Endpoint Security E80.10
Checkpoint Endpoint Security E80.30
Checkpoint Endpoint Security E80.20
2.1
CVSSv2
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for malicious users to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow...
Sophos Endpoint Protection 10.7
1 EDB exploit
4.6
CVSSv2
CVE-2020-26200
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky En...
Kaspersky Endpoint Security 10
Kaspersky Endpoint Security 11.0.0
Kaspersky Endpoint Security 11.0.1
Kaspersky Endpoint Security 11.1.0
Kaspersky Rescue Disk
NA
CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of ...
Openssl Openssl
Stormshield Stormshield Network Security
Stormshield Endpoint Security
Stormshield Sslvpn
1 Github repository
NA
CVE-2023-6105
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt prod...
Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
Zohocorp Manageengine Appcreator
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Endpoint Central Msp
Zohocorp Manageengine Endpoint Central
Zohocorp Manageengine Remote Monitoring And Management
Zohocorp Manageengine Os Deployer
Zohocorp Manageengine Remote Access Plus
Zohocorp Manageengine Mobile Device Manager Plus
Zohocorp Manageengine Application Control Plus
Zohocorp Manageengine Vulnerability Manager Plus
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Patch Manager Plus
Zohocorp Manageengine Device Control Plus
Zohocorp Manageengine Endpoint Dlp Plus
Zohocorp Manageengine Adselfservice Plus 6.3
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Cloud Security Plus 4.1
2.7
CVSSv2
CVE-2019-12376
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.
Ivanti Landesk Management Suite 10.0.1.168
NA
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially d...
Hashicorp Vault
NA
CVE-2014-8565
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8518. Reason: This candidate is a duplicate of CVE-2014-8518. Notes: All CVE users should reference CVE-2014-8518 instead of this candidate. All references and descriptions in this candidate have been removed...
8.3
CVSSv2
CVE-2021-27254
This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the u...
Netgear Br200 Firmware
Netgear Br500 Firmware
Netgear D7800 Firmware
Netgear Ex6100v2 Firmware
Netgear Ex6150v2 Firmware
Netgear Ex6250 Firmware
Netgear Ex6400 Firmware
Netgear Ex6400v2 Firmware
Netgear Ex6410 Firmware
Netgear Ex6420 Firmware
Netgear Ex7300 Firmware
Netgear Ex7300v2 Firmware
Netgear Ex7320 Firmware
Netgear Ex7700 Firmware
Netgear Ex8000 Firmware
Netgear Lbr20 Firmware
Netgear R7800 Firmware
Netgear R8900 Firmware
Netgear R9000 Firmware
Netgear Rbk12 Firmware
Netgear Rbk13 Firmware
Netgear Rbk14 Firmware
NA
CVE-2023-28005
A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the ...
Trendmicro Trend Micro Endpoint Encryption
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »