Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2021-10-01 CVE-2021-23893 Improper Privilege Management vulnerability in Mcafee Drive Encryption
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.
local
low complexity
mcafee CWE-269
4.6
2021-09-22 CVE-2021-31836 Improper Privilege Management vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information.
local
low complexity
mcafee CWE-269
3.6
2021-09-22 CVE-2021-31841 Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location.
local
mcafee CWE-347
6.9
2021-09-22 CVE-2021-31847 Improper Privilege Management vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs.
local
mcafee CWE-269
6.9
2021-09-17 CVE-2021-31842 XXE vulnerability in Mcafee Endpoint Security
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
local
low complexity
mcafee CWE-611
2.1
2021-09-17 CVE-2021-31843 Improper Privilege Management vulnerability in Mcafee Endpoint Security
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
local
low complexity
mcafee CWE-269
4.6
2021-09-17 CVE-2021-31844 Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.100.41
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file.
local
low complexity
mcafee CWE-120
4.6
2021-09-17 CVE-2021-31845 Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Discover
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges.
network
mcafee CWE-120
6.0
2021-06-29 CVE-2021-31838 Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
network
low complexity
mcafee CWE-77
critical
9.0
2021-06-10 CVE-2021-31839 Improper Privilege Management vulnerability in Mcafee Agent
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder.
local
low complexity
mcafee CWE-269
2.1