Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2021-09-17 CVE-2021-31843 Link Following vulnerability in Mcafee Endpoint Security
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
local
low complexity
mcafee CWE-59
7.8
2021-09-17 CVE-2021-31844 Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file.
local
low complexity
mcafee CWE-120
7.3
2021-09-17 CVE-2021-31845 Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Discover
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges.
local
low complexity
mcafee CWE-120
7.3
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-07-12 CVE-2021-30639 Improper Handling of Exceptional Conditions vulnerability in multiple products
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service.
network
low complexity
apache mcafee oracle CWE-755
7.5
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-06-29 CVE-2021-31838 OS Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
network
low complexity
mcafee CWE-78
critical
9.1
2021-06-10 CVE-2021-31839 Unspecified vulnerability in Mcafee Agent
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder.
local
low complexity
mcafee
3.3
2021-06-10 CVE-2021-31840 Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0/5.6.6
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs.
local
low complexity
mcafee CWE-427
7.3
2021-06-10 CVE-2020-13938 Missing Authorization vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
local
low complexity
apache mcafee netapp CWE-862
5.5