Filtered by vendor Mcafee
Subscriptions
Filtered by product Endpoint Security
Subscriptions
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2021-23883 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 4 Medium |
| A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update. | ||||
| CVE-2021-23881 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 4.8 Medium |
| A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy. | ||||
| CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.9 Medium |
| Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | ||||
| CVE-2017-4028 | 2 Mcafee, Microsoft | 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more | 2024-09-17 | N/A |
| Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | ||||
| CVE-2020-7276 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.4 Medium |
| Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool. | ||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.6 Medium |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | ||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 7 High |
| Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | ||||
| CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.8 Medium |
| Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | ||||
| CVE-2020-7275 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 4.8 Medium |
| Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | ||||
| CVE-2020-7263 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.5 Medium |
| Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | ||||
| CVE-2021-23880 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.7 Medium |
| Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | ||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 3.9 Low |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | ||||
| CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 4.7 Medium |
| Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | ||||
| CVE-2021-23882 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.2 High |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade. | ||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.4 High |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | ||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.1 Medium |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | ||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 7.4 High |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | ||||
| CVE-2020-7333 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 4.8 Medium |
| Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | ||||