Description
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.
Base Score: 7.8 HIGH
https://kc.mcafee.com/corporate/index?page=content&id=SB10344
___________________________________
Description
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
Base Score: 8.2 HIGH
https://kc.mcafee.com/corporate/index?page=content&id=SB10355
CVE-2021-24581 Description The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its “Logo Title” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Base […]
CVE-2022-4337 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 ______________________________ CVE-2022-4338 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 _______________________________ CVE-2022-3715 Description A flaw was found in the bash package, where a heap-buffer […]
CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
Leave a Reply