Filtered by vendor Mcafee
Subscribe
Total
597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 3.6 LOW | 4.4 MEDIUM |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | |||||
| CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||
| CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | |||||
| CVE-2020-7276 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool. | |||||
| CVE-2020-7275 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | |||||
| CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
| CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | |||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | |||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | |||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2020-04-17 | 3.3 LOW | 6.3 MEDIUM |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | |||||
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2020-03-30 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-7258 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | |||||
| CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | |||||
| CVE-2020-7253 | 1 Mcafee | 1 Agent | 2020-03-17 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | |||||
| CVE-2020-7254 | 1 Mcafee | 1 Advanced Threat Defense | 2020-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | |||||
| CVE-2020-7252 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2020-02-28 | 1.9 LOW | 5.5 MEDIUM |
| Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | |||||
| CVE-2020-7251 | 1 Mcafee | 1 Endpoint Security | 2020-02-27 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | |||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2020-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | |||||
| CVE-2010-2116 | 1 Mcafee | 2 Email Gateway, Secure Mail | 2020-01-10 | 6.5 MEDIUM | N/A |
| The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | |||||