CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7332 – Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS)
https://notcve.org/view.php?id=CVE-2020-7332
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. Vulnerabilidad de tipo Cross Site Request Forgery en la extensión ePO del firewall de McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0, actualización de Noviembre de 2020, permite a un atacante ejecutar código HTML arbitrario debido a una configuración de seguridad incorrecta • https://kc.mcafee.com/corporate/index?page=content&id=SB10335 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7331 – Unquoted service executable path in McAfee Endpoint Security (ENS)
https://notcve.org/view.php?id=CVE-2020-7331
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. Una ruta ejecutable de servicio sin comillas en McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0, actualización de Noviembre de 2020, permite a usuarios locales causar una denegación de servicio y la ejecución de archivos maliciosos por medio de archivos ejecutables cuidadosamente diseñados y nombrados • https://kc.mcafee.com/corporate/index?page=content&id=SB10335 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7329 – Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension
https://notcve.org/view.php?id=CVE-2020-7329
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. La vulnerabilidad de tipo Server-side request forgery en la extensión ePO en McAfee MVISION Endpoint versiones anteriores a 20.11, permite a atacantes remotos activar peticiones DNS del lado del servidor hacia dominios arbitrarios por medio de archivos XML cuidadosamente construidos cargados por un administrador de ePO • https://kc.mcafee.com/corporate/index?page=content&id=SB10334 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7328 – Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension
https://notcve.org/view.php?id=CVE-2020-7328
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. La vulnerabilidad de ataque de entidad externa en la extensión de ePO en McAfee MVISION Endpoint versiones anteriores a 20.11, permite a atacantes remotos conseguir el control de un recurso o desencadenar una ejecución de código arbitraria a través de una validación de entrada incorrecta de una petición HTTP, donde el contenido del ataque ha sido cargado en ePO por un administrador de ePO • https://kc.mcafee.com/corporate/index?page=content&id=SB10334 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2020-14782 – OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)
https://notcve.org/view.php?id=CVE-2020-14782
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html https://security.gentoo.org/glsa/202101-19 https://security.netapp.com/advisory/ntap-20201023-0004 https://www.debian.org/security/2020/dsa-4779 https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-14782 https://bugzilla.redhat.com/show_bug.cgi?id=1889290 • CWE-295: Improper Certificate Validation •