4 matches found
CVE-2020-8290
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in bztransmit helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary...
CVE-2020-8289
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in bztransmit helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality...
CVE-2020-8289
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in bztransmit helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality...
Backblaze 信任管理问题漏洞
Backblaze is a cloud backup service from Backblaze, Inc. in the United States. A trust management issue vulnerability exists in Backblaze for Windows prior to 7.0.1.433 and Backblaze for macOS prior to 7.0.1.434, which stems from suffering improper certificate validation in the bztransmit helper...