
CVE-2021-31839 – Incorrect permissions on McAfee Agent for Windows event folder
https://notcve.org/view.php?id=CVE-2021-31839
10 Jun 2021 — Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. • https://kc.mcafee.com/corporate/index?page=content&id=SB10362 • CWE-269: Improper Privilege Management •

CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •

CVE-2021-1257 – Cisco DNA Center Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2021-1257
20 Jan 2021 — A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a spe... • https://kc.mcafee.com/corporate/index?page=content&id=SB10382 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-7343 – Improper Authorization vulnerability in MA
https://notcve.org/view.php?id=CVE-2020-7343
18 Jan 2021 — Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. • https://kc.mcafee.com/corporate/index?page=content&id=SB10343 • CWE-862: Missing Authorization •

CVE-2021-1258 – Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2021-1258
13 Jan 2021 — A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS o... • https://kc.mcafee.com/corporate/index?page=content&id=SB10382 • CWE-264: Permissions, Privileges, and Access Controls • CWE-269: Improper Privilege Management •

CVE-2020-7315 – DLL Injection vulnerability in MA for Windows
https://notcve.org/view.php?id=CVE-2020-7315
10 Sep 2020 — DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-426: Untrusted Search Path •

CVE-2020-7314 – Privilege Escalation vulnerability in McAfee DXL for Mac
https://notcve.org/view.php?id=CVE-2020-7314
10 Sep 2020 — Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2020-7311 – Privilege Escalation vulnerability in MA for Windows
https://notcve.org/view.php?id=CVE-2020-7311
10 Sep 2020 — Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-269: Improper Privilege Management •

CVE-2020-7312 – DLL Search Order Hijacking in MA for Windows
https://notcve.org/view.php?id=CVE-2020-7312
10 Sep 2020 — DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-427: Uncontrolled Search Path Element •

CVE-2020-14621 – OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
https://notcve.org/view.php?id=CVE-2020-14621
15 Jul 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Thi... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html • CWE-20: Improper Input Validation •