Description
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.
Base Score: 7.8 HIGH
https://kc.mcafee.com/corporate/index?page=content&id=SB10344
___________________________________
Description
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
Base Score: 8.2 HIGH
https://kc.mcafee.com/corporate/index?page=content&id=SB10355
CVE-2023-21819 Description Windows Secure Channel Denial of Service Vulnerability Base Score: 7.5 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21819 CVE-2023-21820 Description Windows Distributed File System (DFS) Remote Code Execution Vulnerability Base Score: 7.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21820 CVE-2023-21822 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822 CVE-2023-23374 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Base Score: 8.3 […]
CVE-2023-23381 Description Visual Studio Remote Code Execution Vulnerability Base Score: 8.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 CVE-2023-21823 Description Windows Graphics Component Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823 CVE-2023-21815 Description Visual Studio Remote Code Execution Vulnerability Base Score: 8.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 CVE-2023-21808 Description .NET and Visual Studio Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 ______________________________________________________ […]
CVE-2022-20929 Description A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic […]
Leave a Reply