Filtered by vendor Mcafee
Subscribe
Search
Total
574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2432 | 2 Mcafee, Oracle | 2 Epolicy Orchestrator, Jdk | 2022-05-13 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-13935 | 7 Apache, Canonical, Debian and 4 more | 18 Tomcat, Ubuntu Linux, Debian Linux and 15 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | |||||
| CVE-2020-15719 | 5 Mcafee, Openldap, Opensuse and 2 more | 5 Policy Auditor, Openldap, Leap and 2 more | 2022-05-12 | 4.0 MEDIUM | 4.2 MEDIUM |
| libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. | |||||
| CVE-2021-23840 | 6 Debian, Fujitsu, Mcafee and 3 more | 26 Debian Linux, M10-1, M10-1 Firmware and 23 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | |||||
| CVE-2021-33037 | 4 Apache, Debian, Mcafee and 1 more | 22 Tomcat, Tomee, Debian Linux and 19 more | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. | |||||
| CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2022-05-10 | 7.5 HIGH | 7.3 HIGH |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | |||||
| CVE-2021-31842 | 1 Mcafee | 1 Endpoint Security | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
| XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | |||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2022-05-10 | 9.3 HIGH | 7.8 HIGH |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | |||||
| CVE-2021-23873 | 1 Mcafee | 1 Total Protection | 2022-05-03 | 3.6 LOW | 6.1 MEDIUM |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time. | |||||
| CVE-2021-23872 | 1 Mcafee | 1 Total Protection | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. | |||||
| CVE-2021-23879 | 1 Mcafee | 1 Endpoint Product Removal Tool | 2022-05-03 | 7.2 HIGH | 6.7 MEDIUM |
| Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. | |||||
| CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2022-05-03 | 2.1 LOW | 4.7 MEDIUM |
| Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | |||||
| CVE-2020-0543 | 6 Canonical, Fedoraproject, Intel and 3 more | 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM |
| Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-23885 | 1 Mcafee | 1 Web Gateway | 2022-04-26 | 9.0 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. | |||||
| CVE-2019-9516 | 11 Apache, Apple, Canonical and 8 more | 20 Traffic Server, Mac Os X, Swiftnio and 17 more | 2022-02-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | |||||
| CVE-2019-9513 | 11 Apache, Apple, Canonical and 8 more | 21 Traffic Server, Mac Os X, Swiftnio and 18 more | 2022-02-22 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | |||||
| CVE-2019-9511 | 11 Apache, Apple, Canonical and 8 more | 21 Traffic Server, Mac Os X, Swiftnio and 18 more | 2022-02-22 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | |||||
| CVE-2019-6454 | 8 Canonical, Debian, Fedoraproject and 5 more | 22 Ubuntu Linux, Debian Linux, Fedora and 19 more | 2022-02-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | |||||
| CVE-2021-3712 | 6 Debian, Mcafee, Netapp and 3 more | 16 Debian Linux, Epolicy Orchestrator, Clustered Data Ontap and 13 more | 2022-02-08 | 5.8 MEDIUM | 7.4 HIGH |
| ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). | |||||
| CVE-2021-30639 | 2 Apache, Mcafee | 2 Tomcat, Epolicy Orchestrator | 2022-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64. | |||||
| CVE-2022-0129 | 1 Mcafee | 1 Techcheck | 2022-01-21 | 7.2 HIGH | 6.7 MEDIUM |
| Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from. | |||||
| CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2022-01-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | |||||
| CVE-2020-7295 | 1 Mcafee | 1 Web Gateway | 2022-01-06 | 4.1 MEDIUM | 4.6 MEDIUM |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | |||||
| CVE-2020-7293 | 1 Mcafee | 1 Web Gateway | 2022-01-06 | 7.7 HIGH | 9.0 CRITICAL |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | |||||
| CVE-2020-7296 | 1 Mcafee | 1 Web Gateway | 2022-01-06 | 2.7 LOW | 5.7 MEDIUM |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | |||||
| CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2022-01-01 | 4.6 MEDIUM | 8.8 HIGH |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | |||||
| CVE-2020-7294 | 1 Mcafee | 1 Web Gateway | 2022-01-01 | 4.1 MEDIUM | 4.6 MEDIUM |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | |||||
| CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2022-01-01 | 5.9 MEDIUM | 6.9 MEDIUM |
| Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | |||||
| CVE-2021-31850 | 2 Mcafee, Microsoft | 2 Database Security, Windows | 2021-12-14 | 5.5 MEDIUM | 6.5 MEDIUM |
| A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. | |||||
| CVE-2021-31851 | 1 Mcafee | 1 Policy Auditor | 2021-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests. | |||||
| CVE-2015-7704 | 6 Citrix, Debian, Mcafee and 3 more | 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | |||||
| CVE-2021-23877 | 1 Mcafee | 1 Total Protection | 2021-10-28 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. | |||||
| CVE-2021-3156 | 8 Beyondtrust, Debian, Fedoraproject and 5 more | 25 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 22 more | 2021-10-20 | 7.2 HIGH | 7.8 HIGH |
| Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | |||||
| CVE-2020-7284 | 1 Mcafee | 1 Network Security Management | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). | |||||
| CVE-2019-3588 | 1 Mcafee | 1 Virusscan Enterprise | 2021-10-19 | 6.9 MEDIUM | 6.8 MEDIUM |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. | |||||
| CVE-2019-3585 | 1 Mcafee | 1 Virusscan Enterprise | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | |||||
| CVE-2021-23893 | 1 Mcafee | 1 Drive Encryption | 2021-10-07 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | |||||
| CVE-2021-31843 | 1 Mcafee | 1 Endpoint Security | 2021-09-30 | 4.6 MEDIUM | 7.8 HIGH |
| Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | |||||
| CVE-2020-7291 | 2 Apple, Mcafee | 2 Macos, Active Response | 2021-09-08 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7288 | 2 Apple, Mcafee | 2 Macos, Endpoint Detection And Response | 2021-09-08 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | |||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2019-3643 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2019-3649 | 1 Mcafee | 1 Advanced Threat Defense | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | |||||
| CVE-2019-3599 | 1 Mcafee | 1 Agent | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | |||||
| CVE-2019-3650 | 1 Mcafee | 1 Advanced Threat Defense | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. | |||||
| CVE-2020-2583 | 7 Canonical, Debian, Mcafee and 4 more | 24 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 21 more | 2021-07-21 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-2604 | 7 Canonical, Debian, Mcafee and 4 more | 25 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 22 more | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-7298 | 1 Mcafee | 1 Total Protection | 2021-07-21 | 3.6 LOW | 8.4 HIGH |
| Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | |||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2021-07-02 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||