Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-01 | CVE-2021-23893 | Improper Privilege Management vulnerability in Mcafee Drive Encryption Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | 4.6 |
| 2021-09-22 | CVE-2021-31836 | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. | 3.6 |
| 2021-09-22 | CVE-2021-31841 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. | 6.9 |
| 2021-09-22 | CVE-2021-31847 | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. | 6.9 |
| 2021-09-17 | CVE-2021-31842 | XXE vulnerability in Mcafee Endpoint Security XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | 2.1 |
| 2021-09-17 | CVE-2021-31843 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | 4.6 |
| 2021-09-17 | CVE-2021-31844 | Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.100.41 A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. | 4.6 |
| 2021-09-17 | CVE-2021-31845 | Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Discover A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. | 6.0 |
| 2021-06-29 | CVE-2021-31838 | Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0 A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | 9.0 |
| 2021-06-10 | CVE-2021-31839 | Improper Privilege Management vulnerability in Mcafee Agent Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. | 2.1 |