Filtered by vendor Mcafee
Subscribe
Search
Total
574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3582 | 1 Mcafee | 1 Endpoint Security | 2020-08-24 | 6.1 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2019-3592 | 1 Mcafee | 1 Agent | 2020-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory. | |||||
| CVE-2019-3584 | 1 Mcafee | 1 Mvision Endpoint | 2020-08-24 | 3.6 LOW | 6.0 MEDIUM |
| Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors. | |||||
| CVE-2019-3660 | 1 Mcafee | 1 Advanced Threat Defense | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | |||||
| CVE-2019-3640 | 1 Mcafee | 1 Data Loss Prevention | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. | |||||
| CVE-2019-3634 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. | |||||
| CVE-2019-3619 | 1 Mcafee | 1 Epolicy Orchestrator | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. | |||||
| CVE-2019-3621 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2020-08-24 | 4.6 MEDIUM | 6.2 MEDIUM |
| Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine. | |||||
| CVE-2019-3648 | 1 Mcafee | 3 Anti-virus Plus, Internet Security, Total Protection | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | |||||
| CVE-2019-3615 | 1 Mcafee | 1 Database Security | 2020-08-24 | 2.1 LOW | 6.8 MEDIUM |
| Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen. | |||||
| CVE-2019-3612 | 1 Mcafee | 2 Data Exchange Layer, Threat Intelligence Exchange | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. | |||||
| CVE-2019-3606 | 1 Mcafee | 1 Network Security Manager | 2020-08-24 | 1.9 LOW | 4.1 MEDIUM |
| Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | |||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | |||||
| CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | |||||
| CVE-2018-6687 | 2 Mcafee, Microsoft | 2 Getsusp, Windows | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows. | |||||
| CVE-2019-3597 | 1 Mcafee | 1 Network Security Manager | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | |||||
| CVE-2019-3629 | 1 Mcafee | 1 Enterprise Security Manager | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. | |||||
| CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | |||||
| CVE-2020-7304 | 1 Mcafee | 1 Data Loss Prevention | 2020-08-24 | 5.2 MEDIUM | 7.6 HIGH |
| Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. | |||||
| CVE-2020-7301 | 1 Mcafee | 1 Data Loss Prevention | 2020-08-18 | 3.5 LOW | 4.6 MEDIUM |
| Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. | |||||
| CVE-2020-7302 | 1 Mcafee | 1 Data Loss Prevention | 2020-08-18 | 5.5 MEDIUM | 6.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | |||||
| CVE-2020-7303 | 1 Mcafee | 1 Data Loss Prevention | 2020-08-14 | 2.3 LOW | 4.1 MEDIUM |
| Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. | |||||
| CVE-2020-7283 | 1 Mcafee | 1 Total Protection | 2020-07-13 | 4.6 MEDIUM | 8.8 HIGH |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7280 | 1 Mcafee | 1 Virusscan Enterprise | 2020-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. | |||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2020-06-16 | 6.9 MEDIUM | 8.2 HIGH |
| Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | |||||
| CVE-2020-7267 | 1 Mcafee | 1 Virusscan Enterprise | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7266 | 1 Mcafee | 1 Virusscan Enterprise | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7285 | 1 Mcafee | 1 Mvision Endpoint | 2020-05-15 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2020-05-12 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7287 | 2 Linux, Mcafee | 2 Linux Kernel, Endpoint Detection And Response | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7289 | 2 Mcafee, Microsoft | 2 Active Response, Windows | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 3.6 LOW | 4.4 MEDIUM |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | |||||
| CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||
| CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | |||||
| CVE-2020-7276 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool. | |||||
| CVE-2020-7275 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | |||||
| CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
| CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | |||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | |||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | |||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2020-04-17 | 3.3 LOW | 6.3 MEDIUM |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | |||||
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2020-03-30 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-7258 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | |||||
| CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | |||||
| CVE-2020-7253 | 1 Mcafee | 1 Agent | 2020-03-17 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | |||||