Veritas Backup Exec Code Issue Vulnerability
Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...
CVE-2020-10143
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate...
CVE-2020-10139
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system...
GitLab Runner Code Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab Runner versio...
CVE-2020-8224
A code injection in Nextcloud Desktop Client 2.6.4 allowed loading arbitrary code when a malicious OpenSSL config was placed into a fixed directory...
Fedora 31 : xar (2020-edf53cd770)
The remote Fedora 31 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2020-edf53cd770 advisory. - Use Apple upstream instead of non-fresh Github one - New upstream in 1.8 dev branch with 417.1 subversion - Close CVE-2018-17093 - Close...
Symantec Endpoint Protection Manager OpenSSL Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2019-2390
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; Mongo...
mongodb -- Bump Windows package dependencies
Rich Mirch reports: An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utili...
CVE-2019-12572
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client 1.0.2 build 02363 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service pia-service.exe loads the OpenSSL library from...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™
Summary: Node.js vulnerabilities in Node.js and the V8 JavaScript engine were disclosed on October 18, 2016, by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-5180. DESCRIPTION: The V8 JavaScript engine, as used in Google Chrome O...
CVE-2008-7278
The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...