CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7253 – Improper access control vulnerability in McAfee Agent
https://notcve.org/view.php?id=CVE-2020-7253
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. Una vulnerabilidad de control de acceso inapropiado en el archivo masvc.exe en McAfee Agent (MA) versiones anteriores a 5.6.4, permite a usuarios locales con privilegios de administrador deshabilitar la autoprotección mediante una utilidad de la línea de comandos suministrada por McAfee. • https://kc.mcafee.com/corporate/index?page=content&id=SB10312 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3670 – Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2019-3670
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. Una vulnerabilidad de Ejecución de Código Remota en la interfaz web en McAfee Web Advisor (WA) versiones 8.0.34745 y anteriores, permite a un atacante no autenticado remoto ejecutar código arbitrario por medio de un ataque de tipo cross site scripting. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7252 – Unquoted service executable path
https://notcve.org/view.php?id=CVE-2020-7252
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. Una ruta ejecutable de servicio sin comillas en DXL Broker en McAfee Data eXchange Layer (DXL) Framework versiones 6.0.0 y anteriores, permite a usuarios locales causar una denegación de servicio (DoS) y una ejecución de archivos maliciosos por medio de archivos ejecutables cuidadosamente diseñados y nombrados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10307 • CWE-250: Execution with Unnecessary Privileges CWE-428: Unquoted Search Path or Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7251 – ESConfig Tool able to edit configuration for newer version
https://notcve.org/view.php?id=CVE-2020-7251
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. Una vulnerabilidad de control de acceso inapropiada en Configuration Tool en Mcafee Endpoint Security (ENS) versiones anteriores a 10.6.1. La Actualización de febrero de 2020, permite a usuarios locales deshabilitar las características de seguridad, por medio del uso no autorizado de configuration tool desde las versiones anteriores de ENS. • https://kc.mcafee.com/corporate/index?page=content&id=SB10299 • CWE-358: Improperly Implemented Security Check for Standard CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2654 – OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
https://notcve.org/view.php?id=CVE-2020-2654
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0 • CWE-770: Allocation of Resources Without Limits or Throttling •