Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2023-01-13 CVE-2023-0221 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
local
low complexity
mcafee CWE-269
4.4
2022-11-23 CVE-2022-43751 Uncontrolled Search Path Element vulnerability in Mcafee Total Protection
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user.
local
low complexity
mcafee CWE-427
7.8
2022-11-07 CVE-2022-2188 Incorrect Authorization vulnerability in Mcafee Data Exchange Layer
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory.
local
low complexity
mcafee CWE-863
5.5
2022-10-18 CVE-2022-3338 XXE vulnerability in Mcafee Epolicy Orchestrator
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack.
network
high complexity
mcafee CWE-611
5.4
2022-10-18 CVE-2022-3339 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-08-30 CVE-2022-2330 XXE vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
network
low complexity
mcafee CWE-611
6.5
2022-06-20 CVE-2022-1823 Improper Privilege Management vulnerability in Mcafee Consumer Product Removal Tool
Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack.
local
low complexity
mcafee CWE-269
4.6
2022-06-20 CVE-2022-1824 Uncontrolled Search Path Element vulnerability in Mcafee Consumer Product Removal Tool
An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name.
local
mcafee CWE-427
4.4
2022-04-20 CVE-2022-1254 Open Redirect vulnerability in Mcafee web Gateway
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker.
network
mcafee CWE-601
5.8
2022-04-14 CVE-2022-1256 Improper Privilege Management vulnerability in Mcafee Agent
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality.
local
low complexity
mcafee CWE-269
7.2