CVE-2020-5839
https://notcve.org/view.php?id=CVE-2020-5839
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Symantec Endpoint Detection And Response, versiones anteriores a 4.4, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad que podría permitir potencialmente un acceso no autorizado a datos • https://github.com/nasbench/CVE-2020-5839 https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090 •
CVE-2020-7287 – Privilege Escalation vulnerability in EDR for Linux
https://notcve.org/view.php?id=CVE-2020-7287
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Una vulnerabilidad de Escalada de Privilegios en McAfee Exploit Detection and Response (EDR) para Linux versiones anteriores a 3.1.0, Hotfix 1, permite a un script o programa malicioso llevar a cabo funciones que al usuario ejecutor local no se le habían otorgado acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10317 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVE-2020-7288 – Privilege Escalation vulnerability in EDR for Mac
https://notcve.org/view.php?id=CVE-2020-7288
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Una vulnerabilidad de Escalada de Privilegios en McAfee Exploit Detection and Response (EDR) para Mac versiones anteriores a 3.1.0 Hotfix 1, permite a un script o programa malicioso llevar a cabo funciones que al usuario ejecutor local no se le habían otorgado acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10317 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVE-2020-7286 – Privilege Escalation vulnerability in EDR for Windows
https://notcve.org/view.php?id=CVE-2020-7286
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Una vulnerabilidad de Escalada de Privilegios en McAfee Exploit Detection and Response (EDR) para Windows versiones anteriores a 3.1.0 Hotfix 1, permite a un script o programa malicioso llevar a cabo funciones que al usuario ejecutor local no se le habían otorgado acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10317 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVE-2019-19547
https://notcve.org/view.php?id=CVE-2019-19547
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Endpoint Detection and Response (SEDR), versiones anteriores a la versión 4.3.0, puede ser susceptible a un problema de tipo cross site scripting (XSS). Un XSS es un tipo de problema que puede habilitar a atacantes para inyectar scripts del lado del cliente en páginas web visualizadas por otros usuarios. • https://github.com/nasbench/CVE-2019-19547 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN https://support.symantec.com/us/en/article.SYMSA1502.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •