Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-01 | CVE-2021-31848 | Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41 Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | 6.1 |
| 2021-11-01 | CVE-2021-31849 | SQL Injection vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41 SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. | 7.2 |
| 2021-10-26 | CVE-2021-23877 | Improper Privilege Management vulnerability in Mcafee Total Protection Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. | 7.8 |
| 2021-10-22 | CVE-2021-31834 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 5.4 |
| 2021-10-22 | CVE-2021-31835 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. | 4.8 |
| 2021-10-01 | CVE-2021-23893 | Improper Privilege Management vulnerability in Mcafee Drive Encryption Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | 7.8 |
| 2021-09-22 | CVE-2021-31836 | Unspecified vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. | 7.1 |
| 2021-09-22 | CVE-2021-31841 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. | 7.3 |
| 2021-09-22 | CVE-2021-31847 | Uncontrolled Search Path Element vulnerability in Mcafee Agent Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. | 7.8 |
| 2021-09-17 | CVE-2021-31842 | XML Entity Expansion vulnerability in Mcafee Endpoint Security XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | 5.5 |