CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23894 – Unauthorized deserialization of untrusted data in McAfee DBSec
https://notcve.org/view.php?id=CVE-2021-23894
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. Una vulnerabilidad de deserialización de datos no confiables en McAfee Database Security (DBSec) versiones anteriores a 4.8.2, permite a un atacante remoto no autenticado crear un shell inverso con privilegios de administrador en el servidor DBSec por medio de un objeto serializado de Java cuidadosamente construido enviado al servidor DBSec • https://kc.mcafee.com/corporate/index?page=content&id=SB10359 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 67EXPL: 0CVE-2021-23840 – Integer overflow in CipherUpdate
https://notcve.org/view.php?id=CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https:/ • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7339 – Database Security(DBS)-Use of a Broken or Risky Cryptographic Algorithm
https://notcve.org/view.php?id=CVE-2020-7339
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. Una vulnerabilidad de Uso de Algoritmo Criptográfico Roto o Arriesgado en McAfee Database Security Server and Sensor versiones anteriores a 4.8.0, en forma de un certificado firmado SHA1 que permitiría a un atacante en la misma red local interceptar potencialmente la comunicación entre el servidor y los sensores. • https://kc.mcafee.com/corporate/index?page=content&id=SB10340 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3615 – Data Leakage Vulnerability in McAfee Database Security web interface
https://notcve.org/view.php?id=CVE-2019-3615
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen. Una vulnerabilidad de fuga de datos en la interfaz web de McAffee Database Security, en versiones anteriores a la actualización 4.6.6 de marzo de 2019, permite a los usuarios locales exponer contraseñas mediante el autorelleno de campos de contraseña incorrecto en la pantalla de inicio de sesión del navegador de administrador. • http://www.securityfocus.com/bid/107385 https://kc.mcafee.com/corporate/index?page=content&id=SB10277 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •