Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2022-01-24 CVE-2021-4088 SQL Injection vulnerability in Mcafee Data Loss Prevention 11.6.401
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database.
network
low complexity
mcafee CWE-89
7.2
2022-01-19 CVE-2021-31854 OS Command Injection vulnerability in Mcafee Agent
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe.
local
low complexity
mcafee CWE-78
7.8
2022-01-19 CVE-2022-0166 Uncontrolled Search Path Element vulnerability in Mcafee Agent
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5.
local
low complexity
mcafee CWE-427
7.8
2022-01-11 CVE-2022-0129 Unspecified vulnerability in Mcafee Techcheck 3.0.0.17
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user.
local
low complexity
mcafee
6.7
2022-01-04 CVE-2021-31833 Unspecified vulnerability in Mcafee Application and Change Control
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC.
local
low complexity
mcafee
7.8
2021-12-09 CVE-2021-4038 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML.
network
low complexity
mcafee CWE-79
4.8
2021-12-08 CVE-2021-31850 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server.
network
low complexity
mcafee CWE-552
6.1
2021-11-23 CVE-2021-31851 Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters.
network
low complexity
mcafee CWE-79
6.1
2021-11-23 CVE-2021-31852 Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter.
network
low complexity
mcafee CWE-79
6.1
2021-11-10 CVE-2021-31853 Uncontrolled Search Path Element vulnerability in Mcafee Drive Encryption
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
local
low complexity
mcafee CWE-427
7.8