VYPR

Vendor CVEs

McAfee

All CVEs

561 total · sorted by risk
  • CVE-2023-5444Nov 17, 2023
    risk 0.00cvss epss 0.00

    A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit…

  • CVE-2023-6119Nov 16, 2023
    risk 0.00cvss epss 0.00

    An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it…

  • CVE-2023-40352Aug 21, 2023
    risk 0.00cvss epss 0.01

    McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.

  • CVE-2023-3946Jul 26, 2023
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.…

  • CVE-2023-1522Apr 5, 2023
    risk 0.00cvss epss 0.01

    SQL Injection in the Hardware Inventory report of Security Center 5.11.2.

  • CVE-2023-25134Mar 21, 2023
    risk 0.00cvss epss 0.00

    McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.

  • CVE-2023-24577Mar 13, 2023
    risk 0.00cvss epss 0.00

    McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks.

  • CVE-2023-24579Mar 13, 2023
    risk 0.00cvss epss 0.00

    McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.

  • CVE-2023-24578Mar 13, 2023
    risk 0.00cvss epss 0.00

    McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks.

  • CVE-2022-43751Nov 22, 2022
    risk 0.00cvss epss 0.00

    McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary…

  • CVE-2022-3339Oct 18, 2022
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.…

  • CVE-2022-37025Aug 18, 2022
    risk 0.00cvss epss 0.00

    An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being…

  • CVE-2022-1823Jun 20, 2022
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and…

  • CVE-2022-1824Jun 20, 2022
    risk 0.00cvss epss 0.00

    An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to…

  • CVE-2022-1254Apr 20, 2022
    risk 0.00cvss epss 0.01

    A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by…

  • CVE-2022-1258Apr 14, 2022
    risk 0.00cvss epss 0.01

    A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.

  • CVE-2022-1256Apr 14, 2022
    risk 0.00cvss epss 0.00

    A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges…

  • CVE-2022-0861Mar 23, 2022
    risk 0.00cvss epss 0.00

    A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential…

  • CVE-2022-0862Mar 23, 2022
    risk 0.00cvss epss 0.01

    A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This…

  • CVE-2022-0858Mar 23, 2022
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would…

  • CVE-2022-0859Mar 23, 2022
    risk 0.00cvss epss 0.00

    McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server…

  • CVE-2022-0857Mar 23, 2022
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.…

  • CVE-2022-0842Mar 23, 2022
    risk 0.00cvss epss 0.01

    A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to…

  • CVE-2022-0280Mar 10, 2022
    risk 0.00cvss epss 0.00

    A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially…

  • CVE-2022-0815Mar 10, 2022
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including;…

  • CVE-2021-40837Feb 9, 2022
    risk 0.00cvss epss 0.01

    A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in…

  • CVE-2021-4088Jan 24, 2022
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code…

  • CVE-2022-0166Jan 19, 2022
    risk 0.00cvss epss 0.03

    A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and…

  • CVE-2021-31854Jan 19, 2022
    risk 0.00cvss epss 0.01

    A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment…

  • CVE-2022-0129Jan 11, 2022
    risk 0.00cvss epss 0.00

    Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory…

  • CVE-2021-31833Jan 4, 2022
    risk 0.00cvss epss 0.00

    Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would…

  • CVE-2021-40836Dec 22, 2021
    risk 0.00cvss epss 0.00

    A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

  • CVE-2021-4038Dec 9, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize…

  • CVE-2021-31850Dec 8, 2021
    risk 0.00cvss epss 0.01

    A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of…

  • CVE-2021-40833Nov 26, 2021
    risk 0.00cvss epss 0.00

    A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

  • CVE-2021-31851Nov 23, 2021
    risk 0.00cvss epss 0.01

    A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor…

  • CVE-2021-31852Nov 23, 2021
    risk 0.00cvss epss 0.01

    A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based…

  • CVE-2021-31853Nov 10, 2021
    risk 0.00cvss epss 0.00

    DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

  • CVE-2021-31848Nov 1, 2021
    risk 0.00cvss epss 0.01

    Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case…

  • CVE-2021-31849Nov 1, 2021
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

  • CVE-2021-23877Oct 26, 2021
    risk 0.00cvss epss 0.00

    Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.

  • CVE-2021-31834Oct 22, 2021
    risk 0.00cvss epss 0.00

    Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

  • CVE-2021-31835Oct 22, 2021
    risk 0.00cvss epss 0.01

    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.

  • CVE-2021-33602Oct 6, 2021
    risk 0.00cvss epss 0.01

    A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in…

  • CVE-2021-23893Oct 1, 2021
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.

  • CVE-2021-31836Sep 22, 2021
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.

  • CVE-2021-31847Sep 22, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as…

  • CVE-2021-31841Sep 22, 2021
    risk 0.00cvss epss 0.00

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the…

  • CVE-2021-31844Sep 17, 2021
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering…

  • CVE-2021-31845Sep 17, 2021
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover…

Page 5 of 12