Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-21 | CVE-2023-40352 | Uncontrolled Search Path Element vulnerability in Mcafee Safe Connect McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | 7.2 |
| 2023-07-26 | CVE-2023-3946 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. | 6.1 |
| 2023-03-21 | CVE-2023-25134 | Unspecified vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. | 6.7 |
| 2023-03-13 | CVE-2023-0978 | Command Injection vulnerability in multiple products A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. | 6.7 |
| 2023-03-13 | CVE-2023-24577 | Link Following vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. | 5.5 |
| 2023-03-13 | CVE-2023-24578 | Uncontrolled Search Path Element vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. | 5.5 |
| 2023-03-13 | CVE-2023-24579 | Unspecified vulnerability in Mcafee Total Protection McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. | 5.5 |
| 2023-01-13 | CVE-2023-0221 | Improper Privilege Management vulnerability in Mcafee Application and Change Control Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | 4.4 |
| 2022-11-23 | CVE-2022-43751 | Uncontrolled Search Path Element vulnerability in Mcafee Total Protection McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. | 7.8 |
| 2022-11-07 | CVE-2022-2188 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Data Exchange Layer Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. | 5.5 |