Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2021-01-05 CVE-2020-7336 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Management 10.0/10.1.7.7/9.0
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
network
mcafee CWE-352
4.3
2020-12-10 CVE-2020-7339 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Mcafee Database Security 4.6.6
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.
low complexity
mcafee CWE-327
5.8
2020-12-09 CVE-2020-7337 Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Virusscan Enterprise
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
local
low complexity
mcafee CWE-732
4.6
2020-12-01 CVE-2020-7335 Improper Privilege Management vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link.
local
mcafee CWE-269
4.4
2020-11-12 CVE-2020-7333 Cross-Site Scripting vulnerability in Mcafee Endpoint Security
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
network
mcafee CWE-79
3.5
2020-11-12 CVE-2020-7332 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Endpoint Security
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
network
mcafee CWE-352
6.8
2020-11-12 CVE-2020-7331 Unquoted Search Path OR Element vulnerability in Mcafee Endpoint Security
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
local
low complexity
mcafee CWE-428
4.6
2020-11-11 CVE-2020-7329 Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
network
low complexity
mcafee CWE-918
6.5
2020-11-11 CVE-2020-7328 Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
network
low complexity
mcafee CWE-918
6.5
2020-10-15 CVE-2020-7327 Authentication Bypass BY Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
local
low complexity
mcafee CWE-290
4.6