VYPR

Vendor CVEs

McAfee

All CVEs

561 total · sorted by risk
  • CVE-2021-31843Sep 17, 2021
    risk 0.00cvss epss 0.00

    Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to…

  • CVE-2021-31842Sep 17, 2021
    risk 0.00cvss epss 0.00

    XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml…

  • CVE-2021-33599Sep 7, 2021
    risk 0.00cvss epss 0.00

    A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in…

  • CVE-2021-31838Jun 29, 2021
    risk 0.00cvss epss 0.02

    A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.

  • CVE-2021-31840Jun 10, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to…

  • CVE-2021-31839Jun 10, 2021
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the…

  • CVE-2021-31832Jun 9, 2021
    risk 0.00cvss epss 0.01

    Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be…

  • CVE-2021-31837Jun 9, 2021
    risk 0.00cvss epss 0.00

    Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.

  • CVE-2021-31830Jun 3, 2021
    risk 0.00cvss epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered…

  • CVE-2021-31831Jun 3, 2021
    risk 0.00cvss epss 0.01

    Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only…

  • CVE-2021-23896Jun 2, 2021
    risk 0.00cvss epss 0.00

    Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This…

  • CVE-2021-23895Jun 2, 2021
    risk 0.00cvss epss 0.02

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the…

  • CVE-2021-23894Jun 2, 2021
    risk 0.00cvss epss 0.02

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the…

  • CVE-2021-23892May 12, 2021
    risk 0.00cvss epss 0.00

    By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose…

  • CVE-2021-23872May 12, 2021
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.

  • CVE-2021-23891May 12, 2021
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.

  • CVE-2020-7270Apr 15, 2021
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD…

  • CVE-2020-7269Apr 15, 2021
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD…

  • CVE-2021-23887Apr 15, 2021
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the…

  • CVE-2021-23886Apr 15, 2021
    risk 0.00cvss epss 0.00

    Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook…

  • CVE-2020-7308Apr 15, 2021
    risk 0.00cvss epss 0.01

    Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI…

  • CVE-2021-23884Apr 15, 2021
    risk 0.00cvss epss 0.00

    Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway…

  • CVE-2021-23890Mar 26, 2021
    risk 0.00cvss epss 0.01

    Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to…

  • CVE-2021-23888Mar 26, 2021
    risk 0.00cvss epss 0.01

    Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.

  • CVE-2021-23889Mar 26, 2021
    risk 0.00cvss epss 0.01

    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

  • CVE-2020-7346Mar 23, 2021
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of…

  • CVE-2021-23879Mar 15, 2021
    risk 0.00cvss epss 0.00

    Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path.…

  • CVE-2021-23885Feb 17, 2021
    risk 0.00cvss epss 0.01

    Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

  • CVE-2021-23881Feb 10, 2021
    risk 0.00cvss epss 0.01

    A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local…

  • CVE-2021-23876Feb 10, 2021
    risk 0.00cvss epss 0.00

    Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.

  • CVE-2021-23873Feb 10, 2021
    risk 0.00cvss epss 0.01

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating…

  • CVE-2021-23883Feb 10, 2021
    risk 0.00cvss epss 0.00

    A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial…

  • CVE-2021-23882Feb 10, 2021
    risk 0.00cvss epss 0.00

    Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only…

  • CVE-2021-23880Feb 10, 2021
    risk 0.00cvss epss 0.00

    Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct…

  • CVE-2021-23878Feb 10, 2021
    risk 0.00cvss epss 0.01

    Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed…

  • CVE-2020-7343Jan 18, 2021
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.

  • CVE-2020-7336Jan 5, 2021
    risk 0.00cvss epss 0.01

    Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.

  • CVE-2020-7339Dec 9, 2020
    risk 0.00cvss epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server…

  • CVE-2020-7337Dec 9, 2020
    risk 0.00cvss epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via…

  • CVE-2020-7335Dec 1, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing…

  • CVE-2020-7333Nov 12, 2020
    risk 0.00cvss epss 0.01

    Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.

  • CVE-2020-7332Nov 12, 2020
    risk 0.00cvss epss 0.01

    Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

  • CVE-2020-7331Nov 12, 2020
    risk 0.00cvss epss 0.00

    Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

  • CVE-2020-7329Nov 11, 2020
    risk 0.00cvss epss 0.02

    Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.

  • CVE-2020-7328Nov 11, 2020
    risk 0.00cvss epss 0.02

    External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has…

  • CVE-2020-7327Oct 15, 2020
    risk 0.00cvss epss 0.00

    Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state…

  • CVE-2020-7326Oct 15, 2020
    risk 0.00cvss epss 0.00

    Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather…

  • CVE-2020-7334Oct 15, 2020
    risk 0.00cvss epss 0.00

    Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This…

  • CVE-2020-7317Oct 14, 2020
    risk 0.00cvss epss 0.00

    Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.

  • CVE-2020-7330Oct 14, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables

Page 6 of 12