CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29147
https://notcve.org/view.php?id=CVE-2023-29147
30 Jun 2023 — In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. • https://malwarebytes.com • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29145
https://notcve.org/view.php?id=CVE-2023-29145
30 Jun 2023 — The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. • https://malwarebytes.com • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-25502
https://notcve.org/view.php?id=CVE-2020-25502
20 Jan 2023 — Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. Cybereason EDR versión 19.1.282 y superior, 19.2.182 y superior, 20.1.343 y superior, y 20.2.X y superior tienen una vulnerabilidad de secuestro de DLL, que podría permitir a un atacante local ejecutar código con privilegios elevados. • http://cybereason.com • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37015
https://notcve.org/view.php?id=CVE-2022-37015
08 Nov 2022 — Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. El dispositivo Symantec Endpoint Detection and Response (SEDR), anterior a 4.7.0, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el ... • https://support.broadcom.com/external/content/SecurityAdvisories/0/21005 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12593
https://notcve.org/view.php?id=CVE-2020-12593
18 Nov 2020 — Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Symantec Endpoint Detection & Response, versiones anteriores a 4.5, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad que podría permitir un acceso no autorizado a datos • https://github.com/nasbench/CVE-2020-12593 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5839
https://notcve.org/view.php?id=CVE-2020-5839
08 Jul 2020 — Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Symantec Endpoint Detection And Response, versiones anteriores a 4.4, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad que podría permitir potencialmente un acceso no autorizado a datos • https://github.com/nasbench/CVE-2020-5839 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7287 – Privilege Escalation vulnerability in EDR for Linux
https://notcve.org/view.php?id=CVE-2020-7287
08 May 2020 — Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Una vulnerabilidad de Escalada de Privilegios en McAfee Exploit Detection and Response (EDR) para Linux versiones anteriores a 3.1.0, Hotfix 1, permite a un script o programa malicioso llevar a cabo funciones que al usuario ejecutor local no se le habían otorgado acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10317 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7288 – Privilege Escalation vulnerability in EDR for Mac
https://notcve.org/view.php?id=CVE-2020-7288
08 May 2020 — Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Una vulnerabilidad de Escalada de Privilegios en McAfee Exploit Detection and Response (EDR) para Mac versiones anteriores a 3.1.0 Hotfix 1, permite a un script o programa malicioso llevar a cabo funciones que al usuario ejecutor local no se le habían otorgado acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10317 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7286 – Privilege Escalation vulnerability in EDR for Windows
https://notcve.org/view.php?id=CVE-2020-7286
08 May 2020 — Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Una vulnerabilidad de Escalada de Privilegios en McAfee Exploit Detection and Response (EDR) para Windows versiones anteriores a 3.1.0 Hotfix 1, permite a un script o programa malicioso llevar a cabo funciones que al usuario ejecutor local no se le habían otorgado acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10317 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-19547
https://notcve.org/view.php?id=CVE-2019-19547
13 Jan 2020 — Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Endpoint Detection and Response (SEDR), versiones anteriores a la versión 4.3.0, puede ser susceptible a un problema de tipo cross site scripting (... • https://github.com/nasbench/CVE-2019-19547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •