Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-31838 | Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0 A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | 9.0 |
| 2021-06-10 | CVE-2021-31839 | Improper Privilege Management vulnerability in Mcafee Agent Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. | 2.1 |
| 2021-06-10 | CVE-2021-31840 | Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.6.6 A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. | 4.4 |
| 2021-06-09 | CVE-2021-31832 | Cross-Site Scripting vulnerability in Mcafee Data Loss Prevention Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. | 3.5 |
| 2021-06-09 | CVE-2021-31837 | Out-Of-Bounds Write vulnerability in Mcafee Getsusp 3.0.0.461 Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. | 6.1 |
| 2021-06-03 | CVE-2021-31830 | Cross-Site Scripting vulnerability in Mcafee Database Security 4.6.6/4.8.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. | 3.5 |
| 2021-06-03 | CVE-2021-31831 | Files OR Directories Accessible TO External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0 Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. | 6.5 |
| 2021-06-02 | CVE-2021-23896 | Cleartext Transmission of Sensitive Information vulnerability in Mcafee Database Security 4.6.6/4.8.0 Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. | 2.7 |
| 2021-06-02 | CVE-2021-23894 | Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0 Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | 10.0 |
| 2021-06-02 | CVE-2021-23895 | Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0 Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | 9.0 |