VYPR

Vendor CVEs

McAfee

All CVEs

561 total · sorted by risk
  • CVE-2020-7316Oct 7, 2020
    risk 0.00cvss epss 0.00

    Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a…

  • CVE-2020-15594Sep 29, 2020
    risk 0.00cvss epss 0.02

    An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the…

  • CVE-2020-15595Sep 29, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets…

  • CVE-2020-7268Sep 16, 2020
    risk 0.00cvss epss 0.01

    Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a…

  • CVE-2020-7297Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.

  • CVE-2020-7296Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.

  • CVE-2020-7295Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.

  • CVE-2020-7294Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.

  • CVE-2020-7293Sep 15, 2020
    risk 0.00cvss epss 0.01

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.

  • CVE-2020-7315Sep 10, 2020
    risk 0.00cvss epss 0.00

    DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.

  • CVE-2020-7314Sep 10, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.

  • CVE-2020-7311Sep 10, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files.

  • CVE-2020-7312Sep 10, 2020
    risk 0.00cvss epss 0.00

    DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

  • CVE-2020-7325Sep 9, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

  • CVE-2020-7324Sep 9, 2020
    risk 0.00cvss epss 0.00

    Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.

  • CVE-2020-7323Sep 9, 2020
    risk 0.00cvss epss 0.00

    Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the…

  • CVE-2020-7322Sep 9, 2020
    risk 0.00cvss epss 0.00

    Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.

  • CVE-2020-7319Sep 9, 2020
    risk 0.00cvss epss 0.00

    Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an…

  • CVE-2020-7320Sep 9, 2020
    risk 0.00cvss epss 0.00

    Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft…

  • CVE-2020-7299Sep 4, 2020
    risk 0.00cvss epss 0.00

    Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a…

  • CVE-2020-25045Sep 2, 2020
    risk 0.00cvss epss 0.00

    Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.

  • CVE-2020-7309Aug 26, 2020
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

  • CVE-2020-7310Aug 21, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended…

  • CVE-2020-7307Aug 13, 2020
    risk 0.00cvss epss 0.00

    Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.

  • CVE-2020-7306Aug 13, 2020
    risk 0.00cvss epss 0.00

    Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text

  • CVE-2020-7305Aug 13, 2020
    risk 0.00cvss epss 0.01

    Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.

  • CVE-2020-7304Aug 13, 2020
    risk 0.00cvss epss 0.00

    Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

  • CVE-2020-7303Aug 13, 2020
    risk 0.00cvss epss 0.00

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.

  • CVE-2020-7302Aug 13, 2020
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking.

  • CVE-2020-7301Aug 12, 2020
    risk 0.00cvss epss 0.01

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.

  • CVE-2020-7300Aug 12, 2020
    risk 0.00cvss epss 0.01

    Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.

  • CVE-2020-7298Aug 5, 2020
    risk 0.00cvss epss 0.00

    Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.

  • CVE-2020-7292Jul 15, 2020
    risk 0.00cvss epss 0.01

    Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

  • CVE-2020-7284Jul 3, 2020
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).

  • CVE-2020-7283Jul 3, 2020
    risk 0.00cvss epss 0.01

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on…

  • CVE-2020-7281Jul 3, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through…

  • CVE-2020-7282Jul 3, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through…

  • CVE-2020-7262Jun 22, 2020
    risk 0.00cvss epss 0.01

    Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.

  • CVE-2020-7280Jun 10, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic…

  • CVE-2019-3588Jun 10, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

  • CVE-2019-3585Jun 10, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with…

  • CVE-2020-7279Jun 10, 2020
    risk 0.00cvss epss 0.00

    DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

  • CVE-2019-3613Jun 10, 2020
    risk 0.00cvss epss 0.00

    DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

  • CVE-2019-3617Jun 10, 2020
    risk 0.00cvss epss 0.00

    Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.

  • CVE-2020-7290May 8, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

  • CVE-2020-7291May 8, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

  • CVE-2020-7287May 8, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

  • CVE-2020-7288May 8, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

  • CVE-2020-7289May 8, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

  • CVE-2020-7285May 8, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Page 7 of 12