CVE-2020-14792 – OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114)
https://notcve.org/view.php?id=CVE-2020-14792
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
• http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html
• https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html
• https://security.gentoo.org/glsa/202101-19
• https://security.netapp.com/advisory/ntap-20201023-0004
• https://www.debian.org/security/2020/dsa-4779
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://access.redhat.com/security/cve/CVE-2020-14792
• https://bugzilla.redhat.com/show_bug.cgi?id=1889280
• CWE-190: Integer Overflow or Wraparound
CVE-2020-7327 – McAfee MVEDR - Improperly implemented security check
https://notcve.org/view.php?id=CVE-2020-7327
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code by stopping a core Windows service, leaving the McAfee core trust component in an inconsistent state and resulting in MVEDR failing open rather than closed.
• https://kc.mcafee.com/corporate/index?page=content&id=SB10331
• CWE-290: Authentication Bypass by Spoofing
CVE-2020-7326 – McAfee MAR - Improperly implemented security check
https://notcve.org/view.php?id=CVE-2020-7326
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code by stopping a core Windows service, leaving the McAfee core trust component in an inconsistent state and resulting in MAR failing open rather than closed.
• https://kc.mcafee.com/corporate/index?page=content&id=SB10331
• CWE-290: Authentication Bypass by Spoofing
CVE-2020-7334 – Improper privilege assignment vulnerability in the installer component of MACC
https://notcve.org/view.php?id=CVE-2020-7334
Improper privilege assignment vulnerability in the installer of McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.
• https://kc.mcafee.com/corporate/index?page=content&id=SB10333
• CWE-266: Incorrect Privilege Assignment
• CWE-269: Improper Privilege Management
CVE-2020-7317 – ePolicy Orchestrator (ePO) - Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7317
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" that are not correctly sanitised.
• https://kc.mcafee.com/corporate/index?page=content&id=SB10332
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')