Vulnerabilities > Mcafee
|2023-08-21||CVE-2023-40352|| Uncontrolled Search Path Element vulnerability in Mcafee Safe Connect |
McAfee Safe Connect before 184.108.40.206 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
| 7.2 |
|2023-07-26||CVE-2023-3946|| Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator |
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
| 6.1 |
|2023-03-21||CVE-2023-25134|| Unspecified vulnerability in Mcafee Total Protection |
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry.
| 6.7 |
|2023-03-13||CVE-2023-0978|| Command Injection vulnerability in multiple products |
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings.
| 6.7 |
|2023-03-13||CVE-2023-24577|| Link Following vulnerability in Mcafee Total Protection |
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys.
| 5.5 |
|2023-03-13||CVE-2023-24578|| Uncontrolled Search Path Element vulnerability in Mcafee Total Protection |
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading.
| 5.5 |
|2023-03-13||CVE-2023-24579|| Unspecified vulnerability in Mcafee Total Protection |
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
| 5.5 |
|2023-01-13||CVE-2023-0221|| Improper Privilege Management vulnerability in Mcafee Application and Change Control |
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
| 4.4 |
|2022-11-23||CVE-2022-43751|| Uncontrolled Search Path Element vulnerability in Mcafee Total Protection |
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user.
| 7.8 |
|2022-11-07||CVE-2022-2188|| Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Data Exchange Layer |
Privilege escalation vulnerability in DXL Broker for Windows prior to 220.127.116.110 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory.
| 5.5 |