CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file which does not exist at the following locations in both the System drive typically C:\ and the product's...

CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windo...

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option DLO before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create...

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager aka VIOM Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from...

CVE-2020-10139

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system...

Foxit PhantomPDF Elevation of Privilege Vulnerability

PhantomPDF is a Chinese Foxit Foxit company for enterprise-level users of PDF document processing software. An elevation of privilege vulnerability exists in Foxit PhantomPDF 10.0.1.35811 and earlier versions in the handling of configuration files used by the update service. The vulnerability ste...

Trend Micro Apex One Authentication Bypass Vulnerability

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An authentication bypass vulnerability exists in Trend Micro Apex One. An attacker could use this...

Trend Micro Apex One elevation of privilege vulnerability (CNVD-2020-52195)

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the logic that controls access to the Misc folder in th...

(Pwn2Own) Rockwell Automation FactoryTalk View SE Backup Missing Authentication for Critical Function Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of project backups. The issue results from lack of...

CVE-2020-8948

The Sierra Wireless Windows Mobile Broadband Driver Packages MBDP before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges...

CVE-2020-10642

In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic...

CVE-2020-10515

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006...

CVE-2019-19929

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product...

Beckhoff TwinCAT Elevation of Privilege Vulnerability

Beckhoff TwinCAT is a suite of programming software for Programmable Logic Controllers PLCs from Beckhoff in Germany. A security vulnerability exists in Beckhoff TwinCAT version 2/3. The vulnerability can be exploited to execute code with SYSTEM privileges using the Beckhoff ADS protocol...

Unspecified Vulnerability in Tecno Camon iClick 2

The Transn Tecno Camon iClick 2 is a smartphone from the Chinese company Transn. An unspecified vulnerability exists in Tecno Camon iClick 2. The vulnerability can be exploited to execute code or commands with system privileges to record the screen, restore factory settings, obtain user's Wi-Fi...

Argus Surveillance DVR System Elevation of Privilege Vulnerability

Argus Surveillance DVR is a video playback tool. A system elevation of privilege vulnerability exists in the Argus Surveillance DVR 4.0.0.0 device, where placement of a trojan file DLL named "gsmcodec.dll" in the Argus application directory will result in arbitrary code execution with SYSTEM...

CVE-2018-6852

Vulnerability: Local Privilege Escalation in Sophos SafeGuard Enterprise (pre-8.00.5), SafeGuard Easy (pre-7.00.3), and SafeGuard LAN Crypt (pre-3.95.2). Root cause: crafted input buffer via IOCTL 0x80202298 allows control of execution to the nt!memset call, enabling zeroing of a user‑controlled ...

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerability. CVE-2017-1000366 Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially...

CyberGhost for Windows Privilege Exploit

CyberGhost for Windows is a Windows-based VPN software. A power lifting vulnerability exists in CyberGhost version 6.5.0.3180 for Windows-based platforms, which stems from a NetNamedPipe endpoint created by the CG6Service service that allows installed applications to connect and invoke publicly...

NordVPN Elevation of Privilege Vulnerability

NordVPN for Windows is a Windows-based VPN software for anonymous access to the Internet. A lifting vulnerability in version 6.12.7.0 of NordVPN for Windows-based platforms stems from a NetNamedPipe endpoint created by the 'nordvpn-service' service that allows arbitrary installed applications to...