Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2023-11-17 CVE-2023-5444 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server.
network
low complexity
mcafee CWE-352
8.0
2023-11-17 CVE-2023-5445 Open Redirect vulnerability in Mcafee Epolicy Orchestrator
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site.
network
low complexity
mcafee CWE-601
5.4
2023-08-21 CVE-2023-40352 Uncontrolled Search Path Element vulnerability in Mcafee Safe Connect
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
network
low complexity
mcafee CWE-427
7.2
2023-07-26 CVE-2023-3946 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2023-03-21 CVE-2023-25134 Unspecified vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry.
local
low complexity
mcafee
6.7
2023-03-13 CVE-2023-0978 Command Injection vulnerability in multiple products
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings.
local
low complexity
mcafee trellix CWE-77
6.7
2023-03-13 CVE-2023-24577 Link Following vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys.
local
low complexity
mcafee CWE-59
5.5
2023-03-13 CVE-2023-24578 Uncontrolled Search Path Element vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading.
local
low complexity
mcafee CWE-427
5.5
2023-03-13 CVE-2023-24579 Unspecified vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
local
low complexity
mcafee
5.5
2023-01-13 CVE-2023-0221 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
local
low complexity
mcafee CWE-269
4.4