67 matches found
CVE-2023-41751
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent Windows before build 32047...
CVE-2023-41749
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent Windows before build 32047, Acronis Cyber Protect 15 Windows before build 35979...
CVE-2023-26077
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions...
CVE-2023-0975
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...
CVE-2022-45454
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30161, Acronis Cyber Protect 15 Windows before build 30984...
CVE-2022-4326 Trellix xAgent permission bypass vulnerability
Improper preservation of permissions vulnerability in Trellix Endpoint Agent xAgent prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality...
PT-2022-16042 · Amazon · Amazon Cloudwatch Agent For Windows
Name of the Vulnerable Software and Affected Versions: Amazon CloudWatch Agent for Windows versions up to and including v1.247354 Description: A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows. When users trigger a repair of the Agent, a pop-up window opens with...
PT-2022-24471 · Trellix · Trellix Agent
Name of the Vulnerable Software and Affected Versions: Trellix Agent TA for Windows versions prior to 5.7.8 Description: An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows. This allows an attacker with admin access to elevate their privileges to System by placing a...
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges...
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges...
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges...
Veeam Agent for Windows 代码问题漏洞
Veeam Agent for Windows is a data protection and disaster recovery solution for physical and virtual machines from Veeam Switzerland. A security vulnerability exists in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x that allows local users to run arbitrary code with local system...
The vulnerability of the Veeam Agent for Microsoft Windows data backup tool, related to deserialization mechanism flaws, allows attackers to execute arbitrary code.
The vulnerability of the Veeam Agent for Microsoft Windows data backup tool is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted data through the TCP port 9395...
CVE-2021-41562
A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows...
Vulnerabilities fixed in McAfee Agent for Windows
Vulnerabilities have been fixed in McAfee Agent for Windows. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges...
CVE-2021-31836
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user...
PT-2021-19543 · Mcafee · Mcafee Agent For Windows
Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.4 Description: A DLL sideloading issue could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the...
CVE-2021-20099
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100...
Vulnerabilities fixed in McAfee Agent for Windows
Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 potentially exploit it to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...
CVE-2021-31840
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...