CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mcafee : Security Vulnerabilities (CVSS score between 2 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-1257 922 2022-04-14 2022-04-23
2.1
None Local Low Not required Partial None None
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
2 CVE-2021-31848 79 XSS 2021-11-01 2021-11-03
3.5
None Remote Medium ??? None Partial None
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
3 CVE-2021-31842 776 DoS 2021-09-17 2022-05-10
2.1
None Local Low Not required None None Partial
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
4 CVE-2021-31839 269 2021-06-10 2021-06-15
2.1
None Local Low Not required None Partial None
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.
5 CVE-2021-31836 269 +Priv 2021-09-22 2021-09-29
3.6
None Local Low Not required Partial Partial None
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
6 CVE-2021-31834 79 XSS 2021-10-22 2021-10-25
3.5
None Remote Medium ??? None Partial None
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
7 CVE-2021-31832 79 Exec Code XSS 2021-06-09 2021-06-22
3.5
None Remote Medium ??? None Partial None
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
8 CVE-2021-31830 79 XSS 2021-06-03 2021-06-11
3.5
None Remote Medium ??? None Partial None
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
9 CVE-2021-23896 319 2021-06-02 2021-06-11
2.7
None Local Network Low ??? Partial None None
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.
10 CVE-2021-23889 79 XSS 2021-03-26 2021-03-30
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
11 CVE-2021-23884 319 2021-04-15 2021-04-21
2.7
None Local Network Low ??? Partial None None
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
12 CVE-2021-23881 79 XSS 2021-02-10 2021-02-12
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
13 CVE-2021-23880 269 2021-02-10 2021-02-12
2.1
None Local Low Not required None Partial None
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
14 CVE-2021-23873 59 DoS +Priv 2021-02-10 2022-05-03
3.6
None Local Low Not required None Partial Partial
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.
15 CVE-2021-4038 79 XSS 2021-12-09 2021-12-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
16 CVE-2020-13938 862 2021-06-10 2022-04-15
2.1
None Local Low Not required None None Partial
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
17 CVE-2020-7343 862 2021-01-18 2021-01-26
2.1
None Local Low Not required None Partial None
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
18 CVE-2020-7333 79 XSS 2020-11-12 2020-11-23
3.5
None Remote Medium ??? None Partial None
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
19 CVE-2020-7324 269 Bypass 2020-09-09 2020-09-14
3.6
None Local Low Not required None Partial Partial
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.
20 CVE-2020-7322 532 2020-09-09 2022-05-03
2.1
None Local Low Not required Partial None None
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.
21 CVE-2020-7320 2020-09-09 2020-09-11
2.1
None Local Low Not required None Partial None
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.
22 CVE-2020-7318 79 XSS 2020-10-14 2020-12-23
2.3
None Local Network Medium ??? None Partial None
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
23 CVE-2020-7317 79 XSS 2020-10-14 2020-10-19
2.3
None Local Network Medium ??? None Partial None
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
24 CVE-2020-7310 269 2020-08-21 2020-10-19
3.3
None Local Medium Not required None Partial Partial
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.
25 CVE-2020-7309 79 XSS 2020-08-26 2020-09-02
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.
26 CVE-2020-7307 522 2020-08-13 2020-10-19
2.1
None Local Low Not required Partial None None
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
27 CVE-2020-7306 522 2020-08-13 2020-10-19
2.1
None Local Low Not required Partial None None
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
28 CVE-2020-7303 79 XSS 2020-08-13 2020-08-14
2.3
None Local Network Medium ??? None Partial None
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.
29 CVE-2020-7301 79 XSS 2020-08-12 2020-08-18
3.5
None Remote Medium ??? None Partial None
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
30 CVE-2020-7298 20 2020-08-05 2021-07-21
3.6
None Local Low Not required None Partial Partial
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
31 CVE-2020-7297 287 2020-09-16 2020-10-19
2.7
None Local Network Low ??? Partial None None
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
32 CVE-2020-7296 287 2020-09-15 2022-01-06
2.7
None Local Network Low ??? Partial None None
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
33 CVE-2020-7282 59 2020-07-03 2020-10-19
3.3
None Local Medium Not required None Partial Partial
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
34 CVE-2020-7273 269 2020-04-15 2020-04-20
2.1
None Local Low Not required None Partial None
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
35 CVE-2020-7267 269 2020-05-08 2020-05-18
3.6
None Local Low Not required None Partial Partial
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
36 CVE-2020-7266 269 2020-05-08 2020-05-18
3.6
None Local Low Not required None Partial Partial
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
37 CVE-2020-7265 269 2020-05-08 2020-05-18
3.6
None Local Low Not required None Partial Partial
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
38 CVE-2020-7264 269 2020-05-08 2020-05-18
3.6
None Local Low Not required None Partial Partial
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
39 CVE-2020-7262 200 +Info 2020-06-22 2020-10-19
2.1
None Local Low Not required Partial None None
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
40 CVE-2020-7261 120 Overflow 2020-04-15 2020-04-20
2.1
None Local Low Not required None Partial None
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.
41 CVE-2020-7258 79 XSS 2020-03-18 2020-03-19
3.5
None Remote Medium ??? None Partial None
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
42 CVE-2020-7257 269 2020-04-15 2020-04-17
3.3
None Local Medium Not required None Partial Partial
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
43 CVE-2020-7256 79 XSS 2020-03-18 2020-03-19
3.5
None Remote Medium ??? None Partial None
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
44 CVE-2020-7255 269 +Priv 2020-04-15 2020-04-21
3.6
None Local Low Not required None Partial Partial
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.
45 CVE-2020-7253 20 2020-03-12 2020-03-17
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
46 CVE-2020-7251 863 2020-02-14 2020-02-27
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.
47 CVE-2020-0543 459 2020-06-15 2022-04-28
2.1
None Local Low Not required Partial None None
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
48 CVE-2019-3663 522 2019-11-14 2020-01-07
2.1
None Local Low Not required Partial None None
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details
49 CVE-2019-3653 2019-10-09 2020-10-16
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
50 CVE-2019-3641 2019-11-13 2020-10-16
3.5
None Remote Medium ??? None Partial None
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.
Total number of vulnerabilities : 94   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.