Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7304 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 7.6 High |
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. | ||||
CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 5.2 Medium |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | ||||
CVE-2020-7308 | 1 Mcafee | 1 Endpoint Security | 2024-08-04 | 4.8 Medium |
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. | ||||
CVE-2020-7302 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 5.4 Medium |
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | ||||
CVE-2020-7301 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 4.1 Medium |
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. | ||||
CVE-2020-7339 | 1 Mcafee | 1 Database Security | 2024-08-04 | 6.3 Medium |
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. | ||||
CVE-2020-7297 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 5.7 Medium |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | ||||
CVE-2020-7305 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 6.7 Medium |
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. | ||||
CVE-2020-7296 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 5.7 Medium |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | ||||
CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 5.2 Medium |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | ||||
CVE-2020-7293 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 9 Critical |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | ||||
CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 6.9 Medium |
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | ||||
CVE-2020-7298 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | ||||
CVE-2020-7318 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-04 | 4.6 Medium |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | ||||
CVE-2020-7317 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-04 | 4.6 Medium |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. | ||||
CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2024-08-04 | 4.8 Medium |
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | ||||
CVE-2020-7295 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 3.5 Low |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | ||||
CVE-2020-7282 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
CVE-2020-7294 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 4.6 Medium |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | ||||
CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2024-08-04 | 4.3 Medium |
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. |