Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-7259 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | 7.8 |
| 2020-04-15 | CVE-2020-7257 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. | 6.3 |
| 2020-04-15 | CVE-2020-7278 | Missing Authorization vulnerability in Mcafee Endpoint Security Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | 6.5 |
| 2020-04-01 | CVE-2020-7263 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Endpoint Security Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | 6.7 |
| 2020-03-26 | CVE-2020-7260 | Untrusted Search Path vulnerability in Mcafee Application and Change Control DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | 7.8 |
| 2020-03-18 | CVE-2020-7258 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | 4.8 |
| 2020-03-18 | CVE-2020-7256 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | 4.8 |
| 2020-03-12 | CVE-2020-7254 | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | 7.8 |
| 2020-03-12 | CVE-2020-7253 | Improper Input Validation vulnerability in Mcafee Agent Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | 4.4 |
| 2020-02-24 | CVE-2019-3670 | Cross-site Scripting vulnerability in Mcafee web Advisor 8.0.0.34239/8.0.34745 Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | 6.1 |