Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.

Published at: October 27, 2020 at 01:15PM
View on website

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user’s encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.

Published at: October 27, 2020 at 10:15AM
View on website

checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.

Published at: October 27, 2020 at 12:15AM
View on website

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

Published at: October 23, 2020 at 01:15AM
View on website

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

Published at: October 23, 2020 at 01:15AM
View on website