[SECURITY] Fedora 34 Update: glibc-2.33-5.fc34

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVE-2020-27871

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

CVE-2020-25245

A vulnerability has been identified in DIGSI 4 All versions V4.94 SP1 HF 1. Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM...

[SECURITY] Fedora 33 Update: glibc-2.32-3.fc33

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file which does not exist at the following locations in both the System drive typically C:\ and the product's...

CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windo...

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option DLO before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create...

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager aka VIOM Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from...

CVE-2020-10139

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system...

Vulnerabilities fixed in Acronis Cyber Backup and True Image

Acronis has fixed multiple vulnerabilities in Cyber Backup and True Image. A local malicious party could potentially exploit them to execute arbitrary code under SYSTEM privileges. To do this, a rogue file must be placed in a specific folder on the file system. Acronis has released updates to fix...

Foxit PhantomPDF Elevation of Privilege Vulnerability

PhantomPDF is a Chinese Foxit Foxit company for enterprise-level users of PDF document processing software. An elevation of privilege vulnerability exists in Foxit PhantomPDF 10.0.1.35811 and earlier versions in the handling of configuration files used by the update service. The vulnerability ste...

Trend Micro Apex One Authentication Bypass Vulnerability

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An authentication bypass vulnerability exists in Trend Micro Apex One. An attacker could use this...

Trend Micro Apex One elevation of privilege vulnerability (CNVD-2020-52195)

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the logic that controls access to the Misc folder in th...

[SECURITY] Fedora 31 Update: glibc-2.30-13.fc31

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

[SECURITY] Fedora 32 Update: glibc-2.31-4.fc32

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

(Pwn2Own) Rockwell Automation FactoryTalk View SE Backup Missing Authentication for Critical Function Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of project backups. The issue results from lack of...

CVE-2020-8948

The Sierra Wireless Windows Mobile Broadband Driver Packages MBDP before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges...

CVE-2020-10642

In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic...

CVE-2020-10515

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006...

[SECURITY] Fedora 30 Update: glibc-2.29-28.fc30

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...