Dell EMC Avamar and IDPA suffer from remote code execution and open redirection vulnerabilities. Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 are affected.
15cbf37afa0b2a7fcb1c42bebfcbe6cd5096b494d352554298114052d555f07dVMware Security Advisory 2018-0029 - vSphere Data Protection (VDP) updates address multiple security issues.
aacb4dd9106cc15bfa2907b119b7dd2200b2ee1142ba0840d5ada8a616b19feaDell EMC Integrated Data Protection Appliance (iDPA) contains undocumented accounts with limited access which may potentially be used by a malicious user to compromise the affected system. Versions affected include Dell EMC Integrated Data Protection Appliance 2.0 and 2.1.
ee7b725ac965aa8191ebda5c2a860b0e21c5dcb9b035ac2313c7fa81258bf185Dell EMC Unity requires an update to address an Incorrect File Permissions vulnerability with multiple files. This vulnerability may potentially be exploited by malicious local users to compromise the affected system. Dell EMC Unity Operating Environment (OE) versions 4.3.0.x and 4.3.1.x and Dell EMC UnityVSA Operating Environment (OE) versions 4.3.0.x and 4.3.1.x are affected.
116d324fb76e3037193d2d9934e1d6a69f043d23dbda365eec2cf81b23d2b544RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.
1d4172c4c86ce8ccc2a9a8e1b830a45d85684dcdd0d15f64044487bd617a938eRSA NetWitness Platform contains fixes for a server-side template injection security vulnerability that could potentially be exploited by malicious users to compromise the affected system. RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are affected.
ff1ff693b4f8fc020e3623a1d6a24348e440610f8a9ba3e09f843f55f38409fcRSA Archer contains a fix for a SQL injection vulnerability, in the embedded WorkPoint component that could potentially be exploited by malicious users to compromise the affected system. Versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1 are affected.
ae3ffb7abfbc6f82288de4682def59ad6670e98ee8143dea5359658b41bdd80dRSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
028e0f072d0782b26e0ffe1aa7b8b85f2030bab0d4ec5bd24005493c11b5fa30Debian Linux Security Advisory 4207-1 - Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.
62b118d487e09c2247075e70088dbe07c6b76b4fde60cac976ef6049f72d6450Ubuntu Security Notice 3634-1 - Matthias Gerstner discovered that PackageKit incorrectly handled authentication. A local attacker could possibly use this issue to install arbitrary packages and escalate privileges.
1e05ccf9828c6f0b5cfea424876a649f19a67620fbf71de1a1dab598c487dd64Red Hat Security Advisory 2018-1224-01 - PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Issues addressed include a bypass vulnerability.
bad710e17201049c5319f02471a51b4c1cb154a5e6001c710ddad4784dd532bf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed