Description
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.
Base Score: 7.8 HIGH
https://kc.mcafee.com/corporate/index?page=content&id=SB10344
___________________________________
Description
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
Base Score: 8.2 HIGH
https://kc.mcafee.com/corporate/index?page=content&id=SB10355
CVE-2022-4337 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 ______________________________ CVE-2022-4338 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 _______________________________ CVE-2022-3715 Description A flaw was found in the bash package, where a heap-buffer […]
CVE-2013-0880 Description Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Base Score: 7.5 HIGH http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
CVE-2023-20025 Description A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based […]
Leave a Reply