Vulnerabilities > Mcafee > Agent > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-1257 Insecure Storage of Sensitive Information vulnerability in Mcafee Agent
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
local
low complexity
mcafee CWE-922
5.5
2021-01-20 CVE-2021-1257 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.
network
cisco mcafee CWE-352
6.8
2021-01-18 CVE-2020-7343 Missing Authorization vulnerability in Mcafee Agent
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files.
local
low complexity
mcafee CWE-862
5.5
2020-03-12 CVE-2020-7253 Improper Input Validation vulnerability in Mcafee Agent
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
local
low complexity
mcafee CWE-20
4.4
2019-07-18 CVE-2019-3592 Unspecified vulnerability in Mcafee Agent
Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory.
local
low complexity
mcafee
6.7
2019-02-28 CVE-2019-3598 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Agent
Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.
network
low complexity
mcafee CWE-119
5.3
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2013-10-05 CVE-2013-3627 Resource Management Errors vulnerability in Mcafee Agent
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.
network
low complexity
mcafee CWE-399
5.0
2008-03-17 CVE-2008-1357 USE of Externally-Controlled Format String vulnerability in Mcafee products
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082.
network
high complexity
mcafee CWE-134
5.4