Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2021-31854 OS Command Injection vulnerability in Mcafee Agent
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe.
local
low complexity
mcafee CWE-78
7.8
2022-01-19 CVE-2022-0166 Uncontrolled Search Path Element vulnerability in Mcafee Agent
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5.
local
low complexity
mcafee CWE-427
7.8
2022-01-11 CVE-2022-0129 Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user.
local
low complexity
mcafee CWE-427
6.7
2022-01-04 CVE-2021-31833 Unspecified vulnerability in Mcafee Application and Change Control
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC.
local
low complexity
mcafee
7.8
2021-12-09 CVE-2021-4038 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML.
network
low complexity
mcafee CWE-79
4.8
2021-12-08 CVE-2021-31850 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server.
network
low complexity
mcafee CWE-552
6.1
2021-11-23 CVE-2021-31851 Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters.
network
low complexity
mcafee CWE-79
6.1
2021-11-23 CVE-2021-31852 Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter.
network
low complexity
mcafee CWE-79
6.1
2021-11-10 CVE-2021-31853 Uncontrolled Search Path Element vulnerability in Mcafee Drive Encryption
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
local
low complexity
mcafee CWE-427
7.8
2021-11-01 CVE-2021-31848 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
network
low complexity
mcafee CWE-79
6.1