Vulnerabilities > Mcafee > Endpoint Security > 10.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-7275 | Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | 5.3 |
| 2020-04-15 | CVE-2020-7274 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | 7.8 |
| 2020-04-15 | CVE-2020-7273 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | 5.5 |
| 2020-04-15 | CVE-2020-7261 | Classic Buffer Overflow vulnerability in Mcafee Endpoint Security Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | 5.5 |
| 2020-04-15 | CVE-2020-7259 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | 7.8 |
| 2020-04-15 | CVE-2020-7257 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. | 6.3 |
| 2020-04-15 | CVE-2020-7278 | Missing Authorization vulnerability in Mcafee Endpoint Security Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | 6.5 |
| 2020-04-01 | CVE-2020-7263 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Endpoint Security Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | 6.7 |
| 2020-02-14 | CVE-2020-7251 | Incorrect Authorization vulnerability in Mcafee Endpoint Security Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | 5.5 |
| 2019-10-09 | CVE-2019-3653 | Unspecified vulnerability in Mcafee Endpoint Security Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. | 5.5 |