Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2021-4088 | SQL Injection vulnerability in Mcafee Data Loss Prevention 11.6.401 SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. | 7.2 |
| 2022-01-19 | CVE-2021-31854 | OS Command Injection vulnerability in Mcafee Agent A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. | 7.8 |
| 2022-01-19 | CVE-2022-0166 | Uncontrolled Search Path Element vulnerability in Mcafee Agent A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. | 7.8 |
| 2022-01-11 | CVE-2022-0129 | Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17 Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. | 6.7 |
| 2022-01-04 | CVE-2021-31833 | Unspecified vulnerability in Mcafee Application and Change Control Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. | 7.8 |
| 2021-12-09 | CVE-2021-4038 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. | 4.8 |
| 2021-12-08 | CVE-2021-31850 | Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. | 6.1 |
| 2021-11-23 | CVE-2021-31851 | Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1 A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. | 6.1 |
| 2021-11-23 | CVE-2021-31852 | Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1 A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. | 6.1 |
| 2021-11-10 | CVE-2021-31853 | Uncontrolled Search Path Element vulnerability in Mcafee Drive Encryption DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | 7.8 |