CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31844 – Local Privilege Escalation in McAfee DLP Endpoint for Windows
https://notcve.org/view.php?id=CVE-2021-31844
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. Una vulnerabilidad de desbordamiento del búfer en McAfee Data Loss Prevention (DLP) Endpoint para Windows versiones anteriores a 11.6.200, permite a un atacante local ejecutar código arbitrario con privilegios elevados mediante la colocación de archivos Ami Pro (.sam) cuidadosamente construidos en el sistema local y desencadenando un análisis de DLP Endpoint mediante el acceso a un archivo. Esto es causado porque el búfer de destino es de tamaño fijo y se realizan comprobaciones incorrectas del tamaño de origen • https://kc.mcafee.com/corporate/index?page=content&id=SB10368 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31845 – Remote Code Execution in McAfee DLP Discover
https://notcve.org/view.php?id=CVE-2021-31845
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. Una vulnerabilidad de desbordamiento de búfer en McAfee Data Loss Prevention (DLP) Discover versiones anteriores a 11.6.100, permite a un atacante que se encuentre en la misma red que DLP Discover ejecutar código arbitrario mediante la colocación de archivos Ami Pro (.sam) cuidadosamente construidos en una máquina y haciendo que DLP Discover la analice, conllevando a una ejecución de código remota con privilegios elevados. Esto es causado porque el búfer de destino es de tamaño fijo y comprobaciones incorrectas han sido realizadas en el tamaño de origen • https://kc.mcafee.com/corporate/index?page=content&id=SB10368 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-31843 – Improper access control vulnerability in McAfee ENS for Windows
https://notcve.org/view.php?id=CVE-2021-31843
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. Una vulnerabilidad de administración de privilegios inapropiada en McAfee Endpoint Security (ENS) Windows versiones anteriores a la actualización 10.7.0 de septiembre de 2021, permite a usuarios locales acceder a archivos a los que no tendrían acceso por medio de la manipulación de enlaces de unión para redirigir las operaciones de carpetas de McAfee a una ubicación no deseada • https://kc.mcafee.com/corporate/index?page=content&id=SB10367 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-31842
https://notcve.org/view.php?id=CVE-2021-31842
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. Una vulnerabilidad de tipo XML Entity Expansion injection en McAfee Endpoint Security (ENS) para Windows versiones anteriores a la actualización 10.7.0 de septiembre de 2021, permite a un usuario local iniciar un elevado consumo de CPU y memoria resultando en un ataque de denegación de servicio mediante la edición cuidadosa del archivo EPDeploy.xml y la posterior ejecución del proceso de instalación • https://kc.mcafee.com/corporate/index?page=content&id=SB10367 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3712 – Read buffer overruns processing ASN.1 strings
https://notcve.org/view.php?id=CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r18995de860f0e63635f3008f • CWE-125: Out-of-bounds Read •