CVE-2021-3711 OpenSSL Buffer Overflow vulnerabilityA potential buffer overflow vulnerability exists in OpenSSL, which is consumed by Git for Windows. Git for Windows is now updated to version 188.8.131.52, which addresses this issue.
CVE-2021-43877 .NET VulnerabilityAn elevation of privilege vulnerability exists in ANCM which could allow elevation of privilege when .NET core, .NET 5 and .NET 6 applications are hosted within IIS.
CVE-2021-42574 Bidirectional Text VulnerabilityBidirectional text control characters can be used to cause code to be rendered in the editor differently from what is contained on disk.
CVE-2021-42277 Diagnostics Hub Standard Collector Service Elevation of Privilege VulnerabilityAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector incorrectly handles file operations.
The OpenVPN community project team is proud to release OpenVPN 2.5.3. Besides a number of small improvements and bug fixes, this release fixes a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606). Updated OpenVPN GUI is also included in Windows installers.
The OpenVPN community project team is proud to release OpenVPN 2.4.11. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. This release also includes other bug fixes and improvements. The I602 Windows installers fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606). Updated OpenSSL and OpenVPN GUI are included in Windows installers. 041b061a72