Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-5444 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. | 8.0 |
| 2023-11-17 | CVE-2023-5445 | Open Redirect vulnerability in Mcafee Epolicy Orchestrator An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. | 5.4 |
| 2023-08-21 | CVE-2023-40352 | Uncontrolled Search Path Element vulnerability in Mcafee Safe Connect McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | 7.2 |
| 2023-07-26 | CVE-2023-3946 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. | 6.1 |
| 2023-03-21 | CVE-2023-25134 | Unspecified vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. | 6.7 |
| 2023-03-13 | CVE-2023-0978 | Command Injection vulnerability in multiple products A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. | 6.7 |
| 2023-03-13 | CVE-2023-24577 | Link Following vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. | 5.5 |
| 2023-03-13 | CVE-2023-24578 | Uncontrolled Search Path Element vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. | 5.5 |
| 2023-03-13 | CVE-2023-24579 | Unspecified vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. | 5.5 |
| 2023-01-13 | CVE-2023-0221 | Improper Privilege Management vulnerability in Mcafee Application and Change Control Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | 4.4 |