CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7333 – Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS)
https://notcve.org/view.php?id=CVE-2020-7333
12 Nov 2020 — Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. Una Vulnerabilidad de tipo Cross site scripting en la extensión ePO de firewall de McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0, actualización de Noviembre de 2020, permite a los administradores inyectar script web o HTML arbitrario por medio del asistente de configura... • https://kc.mcafee.com/corporate/index?page=content&id=SB10335 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7332 – Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS)
https://notcve.org/view.php?id=CVE-2020-7332
12 Nov 2020 — Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. Vulnerabilidad de tipo Cross Site Request Forgery en la extensión ePO del firewall de McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0, actualización de Noviembre de 2020, permite a un atacante ejecutar código HTML arbitrario debido a una configuración de seguridad i... • https://kc.mcafee.com/corporate/index?page=content&id=SB10335 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7331 – Unquoted service executable path in McAfee Endpoint Security (ENS)
https://notcve.org/view.php?id=CVE-2020-7331
12 Nov 2020 — Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. Una ruta ejecutable de servicio sin comillas en McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0, actualización de Noviembre de 2020, permite a usuarios locales causar una denegación de servicio y la ejecución de archivos maliciosos por medio de archivos ejecutables cu... • https://kc.mcafee.com/corporate/index?page=content&id=SB10335 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6014
https://notcve.org/view.php?id=CVE-2020-6014
30 Oct 2020 — Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Check Point Endpoint Security Client para Windows, con blades Anti-Bot o Threat Emulation instalados, antes ... • https://supportcontent.checkpoint.com/solutions?id=sk168081 • CWE-114: Process Control CWE-426: Untrusted Search Path •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7323 – Authentication Protection Bypass vulnerability in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7323
09 Sep 2020 — Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. Una vulnerabilidad de Omisión de Protección de Autenticación en McAfee Endpoint Security (ENS) para Windows ver... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-287: Improper Authentication •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7322 – Exposure of Sensitive Information in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7322
09 Sep 2020 — Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. Una vulnerabilidad de divulgación de información en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite a usuarios locales obtener acceso a información confidencial mediante el registro incorrecto de i... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7319 – Improper Access Control Vulnerability in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7319
09 Sep 2020 — Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. Una vulnerabilidad de Control de Acceso Inapropiado en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite a usuarios locales acceder a archivos a l... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7320 – Protection Mechanism Failure in ENS for Windows
https://notcve.org/view.php?id=CVE-2020-7320
09 Sep 2020 — Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. Una vulnerabilidad de Fallo del Mecanismo de Protección en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 Actualización de Septiembre de 2020, permite al administrador local reducir temporalmente la c... • https://kc.mcafee.com/corporate/index?page=content&id=SB10327 • CWE-693: Protection Mechanism Failure •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8097 – Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)
https://notcve.org/view.php?id=CVE-2020-8097
30 Aug 2020 — An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. Una vulnerabi... • https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8108 – Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)
https://notcve.org/view.php?id=CVE-2020-8108
03 Aug 2020 — Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. Una vulnerabilidad de Autenticación Inapropiada en Bitdefender Endpoint Security para Mac, permite a un proceso no privilegiado reiniciar el servicio principal y potencialmente inyectar código de terceros a un proceso confiab... • https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759 • CWE-287: Improper Authentication •