Filtered by vendor Mcafee
Subscribe
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23889 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
|
|||||
| CVE-2021-23888 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.9 MEDIUM | 6.3 MEDIUM |
|
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
|
|||||
| CVE-2021-23887 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.
|
|||||
| CVE-2021-23886 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.
|
|||||
| CVE-2021-23885 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
|
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
|
|||||
| CVE-2021-23884 | 1 Mcafee | 1 Content Security Reporter | 2024-11-21 | 2.7 LOW | 4.3 MEDIUM |
|
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
|
|||||
| CVE-2021-23883 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.9 MEDIUM | 4.0 MEDIUM |
|
A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update.
|
|||||
| CVE-2021-23882 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 1.9 LOW | 8.2 HIGH |
|
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.
|
|||||
| CVE-2021-23881 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
|
|||||
| CVE-2021-23880 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
|
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
|
|||||
| CVE-2021-23879 | 1 Mcafee | 1 Endpoint Product Removal Tool | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.
|
|||||
| CVE-2021-23878 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
|
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine
|
|||||
| CVE-2021-23877 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
|
|||||
| CVE-2021-23876 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.
|
|||||
| CVE-2021-23873 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 3.6 LOW | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.
|
|||||
| CVE-2021-23872 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
|
|||||
| CVE-2021-23840 | 7 Debian, Fujitsu, Mcafee and 4 more | 27 Debian Linux, M10-1, M10-1 Firmware and 24 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions s ...
Show More |
|||||
| CVE-2021-1258 | 3 Cisco, Mcafee, Microsoft | 3 Anyconnect Secure Mobility Client, Agent Epolicy Orchestrator Extension, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the und ...
Show More |
|||||
| CVE-2020-9484 | 7 Apache, Canonical, Debian and 4 more | 26 Tomcat, Ubuntu Linux, Debian Linux and 23 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserial ...
Show More |
|||||
| CVE-2020-7343 | 1 Mcafee | 1 Agent | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
|
|||||
| CVE-2020-7339 | 1 Mcafee | 1 Database Security | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.
|
|||||
| CVE-2020-7337 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
|
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
|
|||||
| CVE-2020-7336 | 1 Mcafee | 1 Network Security Management | 2024-11-21 | 4.3 MEDIUM | 6.6 MEDIUM |
|
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
|
|||||
| CVE-2020-7335 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.4 MEDIUM | 7.5 HIGH |
|
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.
|
|||||
| CVE-2020-7334 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
|
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.
|
|||||
| CVE-2020-7333 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
|
|||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
|
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
|
|||||
| CVE-2020-7331 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
|
|||||
| CVE-2020-7330 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables
|
|||||
| CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
|
|||||
| CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
|
|||||
| CVE-2020-7327 | 1 Mcafee | 1 Mvision Endpoint Detection And Response | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
|
|||||
| CVE-2020-7326 | 1 Mcafee | 1 Active Response | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed
|
|||||
| CVE-2020-7325 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
|
|||||
| CVE-2020-7324 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
|
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.
|
|||||
| CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 5.9 MEDIUM | 6.9 MEDIUM |
|
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine.
|
|||||
| CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
|
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.
|
|||||
| CVE-2020-7320 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
|
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.
|
|||||
| CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
|
|||||
| CVE-2020-7318 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 2.3 LOW | 4.6 MEDIUM |
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
|
|||||