Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-14 | CVE-2020-7317 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. | 4.3 |
| 2020-10-14 | CVE-2020-7330 | Improper Privilege Management vulnerability in Mcafee Total Protection 4.0.161.1 Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | 8.8 |
| 2020-10-07 | CVE-2020-7316 | Unquoted Search Path or Element vulnerability in Mcafee File and Removable Media Protection Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. | 7.8 |
| 2020-09-16 | CVE-2020-7268 | Path Traversal vulnerability in Mcafee Email Gateway Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | 4.3 |
| 2020-09-16 | CVE-2020-7297 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | 5.7 |
| 2020-09-15 | CVE-2020-7296 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | 5.7 |
| 2020-09-15 | CVE-2020-7295 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | 4.6 |
| 2020-09-15 | CVE-2020-7294 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | 4.6 |
| 2020-09-15 | CVE-2020-7293 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | 9.0 |
| 2020-09-10 | CVE-2020-7315 | Untrusted Search Path vulnerability in Mcafee Agent 5.0.0 DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | 6.7 |