← Back

Backblaze

backblaze

Vendor: Backblaze • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-8290
1Backblaze
1Backblaze
Nov 21, 2024
Dec 27, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directori...Show more
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.Show less
CVE-2020-8289
1Backblaze
1Backblaze
Nov 21, 2024
Dec 27, 2020
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disable...Show more
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.Show less