Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-31847: Security Bulletin - McAfee Agent for Windows update fixes three vulnerabilities (CVE-2021-31836, CVE-2021-31841, CVE-2021-31847)

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

CVE

Related news

CVE-2021-29798: Security Bulletin: SQL Injection Vulnerability Affects Docker Container of IBM Sterling B2B Integrator (CVE-2021-29798)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.

CVE-2021-29903: Security Bulletin: SQL Injection Vulnerability Affects B2B API of IBM Sterling B2B Integrator (CVE-2021-29903)

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.

CVE-2021-31841: Security Bulletin - McAfee Agent for Windows update fixes three vulnerabilities (CVE-2021-31836, CVE-2021-31841, CVE-2021-31847)

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

CVE-2021-31847: Security Bulletin - McAfee Agent for Windows update fixes three vulnerabilities (CVE-2021-31836, CVE-2021-31841, CVE-2021-31847)

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

CVE-2021-31836: Security Bulletin - McAfee Agent for Windows update fixes three vulnerabilities (CVE-2021-31836, CVE-2021-31841, CVE-2021-31847)

Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.

CVE-2021-20208: 14651 – CVE-2021-20208 [SECURITY][EMBARGOED] cifs-utils: cifs.upcall kerberos auth leak in container

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907