86 matches found
CVE-2022-0858
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 contains a cross‑site scripting (XSS) vulnerability that could allow a remote attacker to obtain an administrator’s session by persuading the user to click a crafted link, with limited ability to alter information in the affecte...
CVE-2022-0859
CVE-2022-0859 affects McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. The vulnerability allows a local attacker who is on the server hosting ePO (administrators) and who knows the SQL password to point the ePO server to an arbitrary SQL server during the restoration...
CVE-2022-0862
CVE-2022-0862 describes a password-change protection weakness in McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13, via a depreciated API. A remote attacker could change the password of a compromised session without knowing the current password. The UI removed this functionality ...
CVE-2022-0861
The CVE-2022-0861 entry describes a XML External Entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. A remote administrator can upload a crafted XML file via the extension import functionality, with impact limited to some leakage of confidential ...
CVE-2022-0857
CVE-2022-0857 describes a reflected cross-site scripting (XSS) flaw in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability could let a remote attacker lure an administrator to click a crafted link, potentially exposing session information and allowing limited i...
CVE-2022-0842
CVE-2022-0842 affects McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability is a blind SQL injection in ePO, which could let a remote authenticated attacker obtain information from the ePO database. The amount of data potentially exposed depends on the attacker’s...
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2020-13935
CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...
CVE-2020-13938
CVE-2020-13938 affects Apache HTTP Server 2.4.0–2.4.46. The vulnerability allows unprivileged local users to stop the httpd service on Windows. The connected sources confirm the affected product family and the local-access impact, with public advisories referencing Microsoft Windows behavior and ...
CVE-2021-23840
CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2021-33037
CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...
CVE-2019-2602
CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...
CVE-2019-2975
CVE-2019-2975 affects Oracle Java SE/Scripting (and Java SE Embedded) with known affected builds: Java SE 8u221, 11.0.4, and 13; Java SE Embedded 8u221. The vulnerability concerns loading/executing untrusted code in environments like sandboxed Web Start/Applet contexts and can allow an unauthenti...
CVE-2019-2949
CVE-2019-2949 affects Oracle/OpenJDK Java SE Kerberos components. Affected Java SE: 7u231, 8u221, 11.0.4, 13; Java SE Embedded: 8u221. Exploitation requires network access via Kerberos and unauthenticated access could lead to leakage of sensitive data or elevated access. Connected documents show ...
CVE-2019-2842
CVE-2019-2842 affects Oracle Java SE OpenJDK 8u212 (JCE) and related Java SE/OpenJDK components; vulnerable component is the JCE in Java SE 8u212, with network-based unauthenticated access leading to a partial DoS of Java SE. Connected advisories confirm multiple affected package sets (java-1.8.0...
CVE-2021-2161
CVE-2021-2161 affects Oracle Java SE family (Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition) in the Libraries component. The issue arises from how untrusted code is loaded/run and data from untrusted APIs, enabling a network-accessible attacker to perform unauthenticated actions and...
CVE-2019-2745
CVE-2019-2745 is an OpenJDK/Java SE vulnerability in the Security subcomponent with affected Java versions including 7u221, 8u212, and 11.0.3. Multiple advisories (CentOS, RHEL/CentOS, Debian) describe this as a side-channel risk in EC cryptography or related OpenJDK components, with exploitation...
CVE-2020-14621
CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...
CVE-2020-2654
CVE-2020-2654 affects Oracle Java SE Libraries in Java SE 7u241, 8u231, 11.0.5 and 13.0.1 (Java SE and Java SE Embedded) with the issue described as an unauthenticated network-access vulnerability that can cause a partial denial of service. The root cause is tied to the Libraries component (with ...
CVE-2020-14581
CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...
CVE-2020-2590
CVE-2020-2590 is an OpenJDK/Oracle Java SE vulnerability in the Security component (Kerberos interop) affecting Java SE and Java SE Embedded across multiple versions. Public descriptions indicate unauthenticated remote access via network and potential unauthorized data updates/deletes; CVSS 3.0 b...
CVE-2020-2754
CVE-2020-2754 affects Oracle Java SE/Embedded (Scripting) with affected versions Java SE 8u241, 11.0.6 and 14; Java SE Embedded 8u241. Root cause: a parsing/validation weakness in the Scripting component allows an unauthenticated, network-based attacker to cause a partial Denial of Service on Jav...
CVE-2020-2757
CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...
CVE-2020-2773
CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...
CVE-2020-2604
CVE-2020-2604 affects Oracle Java SE/Java SE Embedded Serialization. Affected: Java SE 7u241, 8u231, 11.0.5, 13.0.1; Java SE Embedded 8u231. Described impact: unauthenticated, network-based attacker can take over the Java environment; high confidentiality, integrity, and availability impact (CVSS...
CVE-2020-2756
CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...
CVE-2020-14579
CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...
CVE-2019-2769
CVE-2019-2769 affects Oracle Java SE/Java SE Embedded, with affected components in Utilities and related subsystems. The initial description identifies Java SE versions 7u221, 8u212, 11.0.3 and 12.0.1 and Java SE Embedded 8u211 as impacted, enabling network-based, unauthenticated exploitation tha...
CVE-2019-2894
CVE-2019-2894 affects Oracle Java SE/OpenJDK components (Security) in Java SE 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Impact: allows an unauthenticated attacker over the network to read a subset of data in Java SE/Embedded. Public advisories confirm this CVE is being addressed in mu...
CVE-2020-14792
CVE-2020-14792 is an Oracle Java OpenJDK vulnerability affecting Java SE and Embedded runtimes (Hotspot/Libraries components) with the root issue described as “Better range handling.” Affected versions include Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. The connected advisories...
CVE-2020-2583
CVE-2020-2583 affects OpenJDK/OpenJDK-derived packages across multiple vendors and OSes, with the Serialization component (and related areas) being impacted. Public advisories in Debian (DLA-2128-1) and CentOS/Red Hat family outline affected versions such as Java 7u241/8u231/11.0.5/13.0.1 (and em...
CVE-2020-2755
CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...
CVE-2020-14782
CVE-2020-14782 affects Oracle/OpenJDK Java SE/SE Embedded libraries (notably the Certificates processing) with affected versions including Java 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. Connected advisory data confirms multiple vendors package updates across OpenJDK variants (e.g., ALA...
CVE-2020-14578
CVE-2020-14578 affects Oracle Java SE and Java SE Embedded (Libraries component) with Java SE 7u261 and 8u251; Java SE Embedded 8u251. It is exploitable over a network (multiple protocols) by unauthenticated attackers, including via sandboxed Java Web Start apps, applets, or direct API input, lea...
CVE-2019-2816
CVE-2019-2816 affects Oracle Java SE/Java SE Embedded Networking and related components (Utilities) with affected Java SE versions 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. IBM AIX security bulletin confirms CVSS 3.0 base score 4.8 (Network, High/AC:H, Privileges N, User Interactio...
CVE-2020-2593
CVE-2020-2593 affects multiple OpenJDK/JRE components across the Java SE/Embedded stack (Networking, Security, Serialization, 2D, JAXP, Libraries, etc.). Connected advisories enumerate affected versions including Java SE 7u231/7u241, 8u221/8u231, 11.0.4/11.0.5, and 13.0.1, with OpenJDK builds for...
CVE-2019-2762
CVE-2019-2762 is a vulnerability in Oracle Java SE/Java SE Embedded Utilities. Affected are Java SE: 7u221, 8u212, 11.0.3, 12.0.1; Java SE Embedded: 8u211. Public sources in the connected documents confirm an easily exploitable issue allowing unauthenticated network access to compromise the Java ...
CVE-2019-2766
CVE-2019-2766 affects Oracle Java SE and Java SE Embedded (Networking subcomponent) with affected versions: Java SE 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. The Connected documents describe it as a network-accessible vulnerability that is difficult to exploit and can lead to unaut...
CVE-2019-2933
CVE-2019-2933 affects Oracle Java SE and Java SE Embedded (Libraries). Affected versions are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. The vulnerability can be exploited remotely via multiple protocols, with network access, by an unauthenticated attacker. Exploitation require...
CVE-2021-2432
CVE-2021-2432 affects Oracle Java SE (component: JNDI) with Java SE 7u301. The vulnerability can be exploited by an unauthenticated attacker who has network access over multiple protocols to cause a partial denial of service to Java SE. The issue specifically involves Java deployments that load u...
CVE-2021-30639
Apache Tomcat CVE-2021-30639 describes a DoS vulnerability caused by improper error handling during non-blocking I/O, where the error flag on a Request object isn’t reset between requests. This can allow a remote attacker to trigger non-blocking I/O errors (e.g., by dropping connections) and caus...
CVE-2013-4883
CVE-2013-4883 describes multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator (ePO) version 4.6.6 and earlier, and in the ePO Extension for the McAfee Agent (MA) 4.5–4.6. The root cause is input handling flaws that allow an attacker to inject arbitrary web script or H...
CVE-2013-4882
CVE-2013-4882: McAfee ePolicy Orchestrator (ePO) includes multiple SQL injection vulnerabilities—affecting ePO 4.6.6 and earlier and the ePO extension for MCAfee Agent 4.5/4.6—allowing remote authenticated users to execute arbitrary SQL via the uid parameter in core/showRegisteredTypeDetails.do a...
CVE-2020-7318
McAfee ePolicy Orchestrator (ePO) before version 5.10.9 Update 9 is affected by CVE-2020-7318, a cross-site scripting (XSS) vulnerability. The issue arises from multiple parameters not being properly sanitized, allowing an attacker with adjacent access to inject arbitrary web script or HTML in th...
CVE-2013-0140
CVE-2013-0140 describes a SQL injection vulnerability in the Agent-Handler component of McAfee ePolicy Orchestrator (ePO) , affecting versions before 4.5.7 and 4.6.x before 4.6.6. A remote attacker can execute arbitrary SQL commands by sending a crafted request over the Agent-Server communication...
CVE-2019-3619
CVE-2019-3619 affects McAfee ePolicy Orchestrator (ePO) with the Agent Handler in 5.9.x and 5.10.0 prior to 5.10.0 Update 4. It is an information-disclosure vulnerability where sensitive data can be viewed in plain text by sniffing traffic between the Agent Handler and the SQL server. The root ca...
CVE-2023-5444
CVE-2023-5444 involves Trellix ePolicy Orchestrator before 5.10.0 CP1 Update 2. a CSRF allows a remote low-privilege attacker to add a new administrator user, impacting the dashboard UI. The exploit reportedly requires altering the HTTP payload post submission before it reaches the ePO server. Af...
CVE-2022-3338
CVE-2022-3338 is a Trellix ePolicy Orchestrator XXE vulnerability affecting ePO versions prior to 5.10 Update 14. An unauthenticated attacker could trigger a server-side request forgery by passing a crafted XML via the API, potentially exploiting the Agent Handler path. Supported details from con...
CVE-2013-0141
Summary (CVE-2013-0141): A directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) allows a remote attacker to upload arbitrary files via a crafted request over the Agent-Server communication channel, demonstrated by writing to the Software/ directory. It affects ePO versions prior...