Security updates on vulnerabilities

This page lists security vulnerability fixes made in Device Control Plus.

Follow general security recommendations to fortify your Device Control Server.

| CVE | Synopsis | Severity |
|---|---|---|
| USB debugging: Unsupported device type issue | Allows Android mobile devices to access the system despite an active Block policy. | LOW |
| Privilege Escalation Vulnerability | A privilege escalation vulnerability reported through the ManageEngine Bug Bounty program. | HIGH |
| Authenticated SQL Injection Vulnerability (CVE-2022-47523) | A SQL injection (SQLi) vulnerability. | CRITICAL |
| CVE-2020-1968 | The Raccoon attack exploits a flaw in the TLS specification. | LOW |
| CVE-2020-13943 | HTTP/2 pseudo headers. | MEDIUM |
| CVE-2020-9490 | A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request resulted in a crash. | HIGH |
| CVE-2020-13935 | Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | HIGH |
| CVE-2020-13934 | An OutOfMemoryException leads to a denial of service. | HIGH |
| CVE-2020-14350 | PostgreSQL extensions did not use search_path safely in their installation scripts. | HIGH |
| CVE-2020-11984 | Integer overflow in mod_proxy_uwsgi. | CRITICAL |
| CVE-2020-11993 | Concurrent use of memory pools in the HTTP/2 module. | HIGH |
| Integer Overflow Vulnerability (CVE-2020-15588) | Integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate leading to a heap-based buffer overflow and remote code execution with SYSTEM privileges. | CRITICAL |
| CVE-2020-11996 | Triggers high CPU usage for several seconds, rendering the server unresponsive. | HIGH |
| CVE-2020-9484 | Allows any anonymous attacker with internet access to submit a malicious request to a Tomcat server that has PersistentManager enabled using FileStore. | HIGH |
| Remote Code Execution Vulnerability (CVE-2021-44228) | Allows malicious users to execute arbitrary code, loaded from LDAP servers, on a machine or pod by exploiting a bug in the log4j library. | CRITICAL |