Filtered by vendor Mcafee
Subscriptions
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.9 Medium |
| Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | ||||
| CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.7 Medium |
| Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | ||||
| CVE-2020-7320 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.7 Medium |
| Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | ||||
| CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
| CVE-2020-7318 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.6 Medium |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | ||||
| CVE-2020-7317 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.6 Medium |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. | ||||
| CVE-2020-7316 | 1 Mcafee | 1 File And Removable Media Protection | 2024-11-21 | 6.6 Medium |
| Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered. | ||||
| CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 6 Medium |
| DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | ||||
| CVE-2020-7314 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 8.2 High |
| Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | ||||
| CVE-2020-7312 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.8 High |
| DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | ||||
| CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | ||||
| CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 6.9 Medium |
| Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | ||||
| CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 3.9 Low |
| Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | ||||
| CVE-2020-7308 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.8 Medium |
| Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. | ||||
| CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 5.2 Medium |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | ||||
| CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 5.2 Medium |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | ||||
| CVE-2020-7305 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 6.7 Medium |
| Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. | ||||
| CVE-2020-7304 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 7.6 High |
| Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. | ||||
| CVE-2020-7303 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 4.1 Medium |
| Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. | ||||
| CVE-2020-7302 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | ||||