Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-7314 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Agent Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | 7.8 |
| 2020-09-10 | CVE-2020-7312 | Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0 DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | 7.8 |
| 2020-09-10 | CVE-2020-7311 | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0 Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | 7.0 |
| 2020-09-09 | CVE-2020-7325 | Link Following vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 7.8 |
| 2020-09-09 | CVE-2020-7324 | Improper Privilege Management vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | 6.1 |
| 2020-09-09 | CVE-2020-7323 | Improper Authentication vulnerability in Mcafee Endpoint Security Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. | 6.9 |
| 2020-09-09 | CVE-2020-7322 | Information Exposure Through Log Files vulnerability in Mcafee Endpoint Security Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | 4.7 |
| 2020-09-09 | CVE-2020-7320 | Unspecified vulnerability in Mcafee Endpoint Security Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | 7.3 |
| 2020-09-09 | CVE-2020-7319 | Link Following vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 8.8 |
| 2020-09-04 | CVE-2020-7299 | Insufficiently Protected Credentials vulnerability in Mcafee True KEY 5.1.165 Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations. | 4.1 |