Filtered by vendor Mcafee
Subscribe
Total
597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2022-05-10 | 7.5 HIGH | 7.3 HIGH |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | |||||
| CVE-2021-31842 | 1 Mcafee | 1 Endpoint Security | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
| XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | |||||
| CVE-2021-23872 | 1 Mcafee | 1 Total Protection | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. | |||||
| CVE-2021-23873 | 1 Mcafee | 1 Total Protection | 2022-05-03 | 3.6 LOW | 6.1 MEDIUM |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time. | |||||
| CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2022-05-03 | 2.1 LOW | 4.7 MEDIUM |
| Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | |||||
| CVE-2021-23879 | 1 Mcafee | 1 Endpoint Product Removal Tool | 2022-05-03 | 7.2 HIGH | 6.7 MEDIUM |
| Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. | |||||
| CVE-2022-1254 | 1 Mcafee | 1 Web Gateway | 2022-04-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. | |||||
| CVE-2020-0543 | 6 Canonical, Fedoraproject, Intel and 3 more | 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM |
| Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-23885 | 1 Mcafee | 1 Web Gateway | 2022-04-26 | 9.0 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. | |||||
| CVE-2022-1258 | 1 Mcafee | 2 Agent, Epolicy Orchestrator | 2022-04-22 | 6.0 MEDIUM | 7.2 HIGH |
| A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | |||||
| CVE-2022-1257 | 1 Mcafee | 1 Agent | 2022-04-22 | 2.1 LOW | 5.5 MEDIUM |
| Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | |||||
| CVE-2022-1256 | 1 Mcafee | 1 Agent | 2022-04-22 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links. | |||||
| CVE-2019-3643 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2020-13938 | 4 Apache, Mcafee, Microsoft and 1 more | 4 Http Server, Epolicy Orchestrator, Windows and 1 more | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM |
| Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | |||||
| CVE-2021-31850 | 2 Mcafee, Microsoft | 2 Database Security, Windows | 2022-04-06 | 4.9 MEDIUM | 6.1 MEDIUM |
| A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. | |||||
| CVE-2019-3599 | 1 Mcafee | 1 Agent | 2022-04-05 | 4.3 MEDIUM | 7.5 HIGH |
| Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | |||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2022-0859 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-29 | 4.4 MEDIUM | 6.4 MEDIUM |
| McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password. | |||||
| CVE-2022-0842 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. | |||||
| CVE-2022-0858 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||