Home

• CVE-2021-23879 - McAfee - Unquoted Search Path or Element

  March 9th, 2021

  Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path.




• CVE-2021-23878 - McAfee - Cleartext Storage of Sensitive Information

  February 9th, 2021

  Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions.




• CVE-2021-1694 - Microsoft - Improper Privilege Management

  January 12th, 2021

  Windows Update Stack Elevation of Privilege Vulnerability




• CVE-2020-26118 - SmartBear - Deserialization of Untrusted Data

  January 5th, 2021

  In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application’s UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system.




• CVE-2020-27645 - 1E - Unquoted Search Path or Element

  December 29th, 2020

  The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.

Previous      Page: 15 of 21      Next