Avira · Avira Free Security Suite · CVE-2019-11396
**Name of the Vulnerable Software and Affected Versions**
Avira Free Security Suite version 10
**Description**
An issue in Avira Free Security Suite allows unprivileged users to obtain SYSTEM privileges due to permissive access rights on the SoftwareUpdater folder. This can be exploited by creating pseudo-symbolic links to arbitrary files, which can be used to achieve arbitrary file creation when an update occurs. The privileged service sets access rights, offering write access to the Everyone group in any directory.
**Recommendations**
Until a fix is available for Avira Free Security Suite version 10, consider restricting access to the SoftwareUpdater folder and its configuration files to prevent unprivileged users from replacing files with pseudo-symbolic links. As a temporary workaround, restrict the Everyone group's write access in any directory to minimize the risk of exploitation.
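
One way to check for the condition described above, as an added example that is not part of the original advisory and not Avira's code: the script lists ACL entries that allow broad groups to write to the folder or anything beneath it, and reports any reparse points found there. The folder path is a placeholder because the advisory does not give it, and checking Authenticated Users and Users alongside Everyone is an assumption of this example.

```powershell
# Added example: audit a folder for broad write access and reparse points.
# Placeholder path: the advisory does not give the folder's full location.
$Path = 'C:\PLACEHOLDER\SoftwareUpdater'

# Well-known SIDs of broad groups (locale-independent). Checking the last two
# in addition to Everyone is an assumption of this example.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow creating, replacing or deleting content, or changing the ACL.
$WriteNames = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask  = [int][System.Security.AccessControl.FileSystemRights]$WriteNames
# GENERIC_WRITE and GENERIC_ALL can appear unmapped in inherit-only entries.
$WriteMask  = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $acl = Get-Acl -LiteralPath $LiteralPath -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    # Ask for SIDs rather than names so the comparison does not depend on locale.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $WriteMask)) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# The folder itself plus everything beneath it (configuration files included).
$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

# 1. Entries that let a broad group write, delete or re-permission an item.
$items | ForEach-Object { Get-BroadWriteAce -LiteralPath $_.FullName } | Format-Table -AutoSize

# 2. Reparse points (junctions, symbolic links) inside the folder, for review.
$items | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
    Select-Object FullName, LinkType, Target | Format-Table -AutoSize
```

An empty first table means none of the listed groups can write under the folder; any row in the second table is a link whose target should be reviewed.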