Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23881 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 4.8 Medium |
| A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy. | ||||
| CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2024-09-17 | N/A |
| McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | ||||
| CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2024-09-17 | 7.8 High |
| Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | ||||
| CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.9 Medium |
| Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | ||||
| CVE-2017-4028 | 2 Mcafee, Microsoft | 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more | 2024-09-17 | N/A |
| Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | ||||
| CVE-2012-4580 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | ||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-09-17 | 7.5 High |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | ||||
| CVE-2020-7276 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.4 Medium |
| Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool. | ||||
| CVE-2012-4014 | 1 Mcafee | 1 Email And Web Security | 2024-09-17 | N/A |
| Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2012-5879 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2024-09-17 | N/A |
| An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. | ||||
| CVE-2014-8533 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-17 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | ||||
| CVE-2016-1715 | 2 Mcafee, Microsoft | 2 Application Control, Windows | 2024-09-17 | N/A |
| The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. | ||||
| CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2024-09-17 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.6 Medium |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | ||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 7 High |
| Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | ||||
| CVE-2014-8519 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-17 | N/A |
| Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. | ||||
| CVE-2015-1617 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2021-1258 | 3 Cisco, Mcafee, Microsoft | 3 Anyconnect Secure Mobility Client, Agent Epolicy Orchestrator Extension, Windows | 2024-09-17 | 5.5 Medium |
| A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. | ||||
| CVE-2019-3593 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-09-17 | N/A |
| Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware. | ||||
| CVE-2020-7314 | 1 Mcafee | 1 Mcafee Agent | 2024-09-17 | 8.2 High |
| Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | ||||