Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2021-23882 | Unspecified vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. | 4.4 |
| 2021-02-10 | CVE-2021-23880 | Unspecified vulnerability in Mcafee Endpoint Security Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | 4.4 |
| 2021-02-10 | CVE-2021-23878 | Cleartext Storage of Sensitive Information vulnerability in Mcafee Endpoint Security Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. | 5.0 |
| 2021-01-26 | CVE-2021-3156 | Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193 | 7.8 |
| 2021-01-20 | CVE-2021-1257 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. | 8.8 |
| 2021-01-18 | CVE-2020-7343 | Missing Authorization vulnerability in Mcafee Agent Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. | 5.5 |
| 2021-01-13 | CVE-2021-1258 | Improper Privilege Management vulnerability in multiple products A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. | 5.5 |
| 2021-01-05 | CVE-2020-7336 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Management 10.0/10.1.7.7/9.0 Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. | 6.5 |
| 2020-12-10 | CVE-2020-7339 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mcafee Database Security 4.6.6 Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. | 6.3 |
| 2020-12-09 | CVE-2020-7337 | Unspecified vulnerability in Mcafee Virusscan Enterprise Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. | 6.7 |