Filtered by vendor Mcafee
Subscribe
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7317 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 2.3 LOW | 4.6 MEDIUM |
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
|
|||||
| CVE-2020-7316 | 1 Mcafee | 1 File And Removable Media Protection | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered.
|
|||||
| CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
|
|||||
| CVE-2020-7314 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.
|
|||||
| CVE-2020-7312 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
|
|||||
| CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files.
|
|||||
| CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 3.3 LOW | 6.9 MEDIUM |
|
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.
|
|||||
| CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 3.5 LOW | 3.9 LOW |
|
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.
|
|||||
| CVE-2020-7308 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.4 MEDIUM | 4.8 MEDIUM |
|
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.
|
|||||
| CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 2.1 LOW | 5.2 MEDIUM |
|
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
|
|||||
| CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 2.1 LOW | 5.2 MEDIUM |
|
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
|
|||||
| CVE-2020-7305 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 4.0 MEDIUM | 6.7 MEDIUM |
|
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.
|
|||||
| CVE-2020-7304 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 5.2 MEDIUM | 7.6 HIGH |
|
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.
|
|||||
| CVE-2020-7303 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 2.3 LOW | 4.1 MEDIUM |
|
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.
|
|||||
| CVE-2020-7302 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.
|
|||||
| CVE-2020-7301 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
|
|||||
| CVE-2020-7300 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 4.0 MEDIUM | 4.6 MEDIUM |
|
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
|
|||||
| CVE-2020-7299 | 1 Mcafee | 1 True Key | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
|
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
|
|||||
| CVE-2020-7298 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 3.6 LOW | 7.5 HIGH |
|
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
|
|||||
| CVE-2020-7297 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
|
|||||
| CVE-2020-7296 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
|
|||||
| CVE-2020-7295 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.1 MEDIUM | 3.5 LOW |
|
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
|
|||||
| CVE-2020-7294 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.1 MEDIUM | 4.6 MEDIUM |
|
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
|
|||||
| CVE-2020-7293 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 7.7 HIGH | 9.0 CRITICAL |
|
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.
|
|||||
| CVE-2020-7292 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
|
|||||
| CVE-2020-7291 | 2 Apple, Mcafee | 2 Macos, Active Response | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7289 | 2 Mcafee, Microsoft | 2 Active Response, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7288 | 2 Apple, Mcafee | 2 Macos, Endpoint Detection And Response | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7287 | 2 Linux, Mcafee | 2 Linux Kernel, Endpoint Detection And Response | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7285 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7284 | 1 Mcafee | 1 Network Security Management | 2024-11-21 | 7.2 HIGH | 8.6 HIGH |
|
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
|
|||||
| CVE-2020-7283 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7282 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 3.3 LOW | 7.5 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7281 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 1.9 LOW | 7.5 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7280 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.
|
|||||
| CVE-2020-7279 | 1 Mcafee | 1 Host Intrusion Prevention | 2024-11-21 | 4.4 MEDIUM | 4.6 MEDIUM |
|
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
|
|||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.0 MEDIUM | 7.4 HIGH |
|
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.
|
|||||
| CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.
|
|||||