Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-13 | CVE-2019-3648 | Untrusted Search Path vulnerability in Mcafee products A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | 6.7 |
| 2019-10-28 | CVE-2019-3636 | Cleartext Storage of Sensitive Information vulnerability in Mcafee Total Protection A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | 7.8 |
| 2019-10-16 | CVE-2019-2975 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). | 4.8 |
| 2019-10-16 | CVE-2019-2949 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). | 6.8 |
| 2019-10-16 | CVE-2019-2933 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 3.1 |
| 2019-10-16 | CVE-2019-2894 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). | 3.7 |
| 2019-10-09 | CVE-2019-3653 | Unspecified vulnerability in Mcafee Endpoint Security Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. | 5.5 |
| 2019-10-09 | CVE-2019-3652 | Code Injection vulnerability in Mcafee Endpoint Security Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | 5.3 |
| 2019-09-18 | CVE-2019-3738 | Missing Required Cryptographic Step vulnerability in multiple products RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. | 6.5 |
| 2019-09-13 | CVE-2019-3646 | Untrusted Search Path vulnerability in Mcafee Total Protection 16.0.36/16.0.R18 DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | 6.5 |