CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6014
https://notcve.org/view.php?id=CVE-2020-6014
30 Oct 2020 — Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Check Point Endpoint Security Client para Windows, con blades Anti-Bot o Threat Emulation instalados, antes ... • https://supportcontent.checkpoint.com/solutions?id=sk168081 • CWE-114: Process Control CWE-426: Untrusted Search Path •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7323 – Authentication Protection Bypass vulnerability in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7323
09 Sep 2020 — Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. Una vulnerabilidad de Omisión de Protección de Autenticación en McAfee Endpoint Security (ENS) para Windows ver... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-287: Improper Authentication •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7322 – Exposure of Sensitive Information in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7322
09 Sep 2020 — Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. Una vulnerabilidad de divulgación de información en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite a usuarios locales obtener acceso a información confidencial mediante el registro incorrecto de i... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7319 – Improper Access Control Vulnerability in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7319
09 Sep 2020 — Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. Una vulnerabilidad de Control de Acceso Inapropiado en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite a usuarios locales acceder a archivos a l... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7320 – Protection Mechanism Failure in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7320
09 Sep 2020 — Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. Una vulnerabilidad de Fallo del Mecanismo de Protección en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite al administrador local reducir temporalmente la c... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7265 – Privilege Escalation vulnerability through symbolic links in ENSM
https://notcve.org/view.php?id=CVE-2020-7265
08 May 2020 — Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee Endpoint Security (ENS) para Mac versiones anteriores a 10.6.9, permite a usuarios locales eliminar archivos... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7264 – Privilege Escalation vulnerability through symbolic links in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7264
08 May 2020 — Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Hotfix 199847, permite ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7255 – Privilege Escalation vulnerability in ENS
https://notcve.org/view.php?id=CVE-2020-7255
15 Apr 2020 — Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. Una vulnerabilidad de escalada de privilegios en la interfaz administrativa de usuario en McAfee End... • https://kc.mcafee.com/corporate/index?page=content&id=SB10309 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7250 – ENS symbolic link log file manipulation vulnerability
https://notcve.org/view.php?id=CVE-2020-7250
15 Apr 2020 — Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. Una vulnerabilidad de manipulación en enlaces simbólicos en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Update de Abri... • https://kc.mcafee.com/corporate/index?page=content&id=SB10309 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7257 – Privilege Escalation vulnerability through Symbolic links in ENS
https://notcve.org/view.php?id=CVE-2020-7257
15 Apr 2020 — Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. Una vulnerabilidad de escalada de privilegios en McAfee Endpoint Security (ENS) para Windows versión anterior a 10.7.0 Update de Febrero de 2020, permite a usuarios locales ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10309 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •