Filtered by vendor Mcafee
Subscribe
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0280 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2023-11-16 | 3.3 LOW | 7.0 HIGH |
| A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. | |||||
| CVE-2021-31848 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-16 | 3.5 LOW | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | |||||
| CVE-2021-31830 | 1 Mcafee | 1 Database Security | 2023-11-16 | 3.5 LOW | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database. | |||||
| CVE-2020-7339 | 1 Mcafee | 1 Database Security | 2023-11-16 | 5.8 MEDIUM | 6.3 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. | |||||
| CVE-2021-4038 | 1 Mcafee | 1 Network Security Manager | 2023-11-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. | |||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | |||||
| CVE-2021-23884 | 1 Mcafee | 1 Content Security Reporter | 2023-11-16 | 2.7 LOW | 4.3 MEDIUM |
| Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR. | |||||
| CVE-2021-23883 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 4.9 MEDIUM | 4.4 MEDIUM |
| A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update. | |||||
| CVE-2020-7336 | 1 Mcafee | 1 Network Security Management | 2023-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. | |||||
| CVE-2021-23882 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 1.9 LOW | 4.4 MEDIUM |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade. | |||||
| CVE-2021-23881 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy. | |||||
| CVE-2021-23880 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 2.1 LOW | 4.4 MEDIUM |
| Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | |||||
| CVE-2021-23876 | 1 Mcafee | 1 Total Protection | 2023-11-16 | 7.2 HIGH | 7.8 HIGH |
| Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware. | |||||
| CVE-2020-7343 | 1 Mcafee | 1 Agent | 2023-11-16 | 2.1 LOW | 5.5 MEDIUM |
| Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. | |||||
| CVE-2020-7333 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | |||||
| CVE-2021-31832 | 1 Mcafee | 1 Data Loss Prevention | 2023-11-16 | 3.5 LOW | 4.8 MEDIUM |
| Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. | |||||
| CVE-2021-23887 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-15 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. | |||||
| CVE-2021-23895 | 1 Mcafee | 1 Database Security | 2023-11-15 | 9.0 HIGH | 8.0 HIGH |
| Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | |||||
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2023-11-15 | 4.6 MEDIUM | 7.8 HIGH |
| Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. | |||||
| CVE-2021-31834 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | |||||