Vulnerabilities > Mcafee
|2021-01-05||CVE-2020-7336|| Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Management 10.0/10.1.7.7/9.0 |
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 220.127.116.11 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
| 4.3 |
|2020-12-10||CVE-2020-7339|| USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Mcafee Database Security 4.6.6 |
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.
| 5.8 |
|2020-12-09||CVE-2020-7337|| Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Virusscan Enterprise |
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
| 4.6 |
|2020-12-01||CVE-2020-7335|| Improper Privilege Management vulnerability in Mcafee Total Protection |
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link.
| 4.4 |
|2020-11-12||CVE-2020-7333|| Cross-Site Scripting vulnerability in Mcafee Endpoint Security |
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
| 3.5 |
|2020-11-12||CVE-2020-7332|| Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Endpoint Security |
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
| 6.8 |
|2020-11-12||CVE-2020-7331|| Unquoted Search Path OR Element vulnerability in Mcafee Endpoint Security |
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
| 4.6 |
|2020-11-11||CVE-2020-7329|| Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint |
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
| 6.5 |
|2020-11-11||CVE-2020-7328|| Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint |
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
| 6.5 |
|2020-10-15||CVE-2020-7327|| Authentication Bypass BY Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response |
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
| 4.6 |