Vulnerabilities > Mcafee
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-17 | CVE-2021-31843 | Link Following vulnerability in Mcafee Endpoint Security Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | 7.8 |
2021-09-17 | CVE-2021-31844 | Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Endpoint A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. | 7.3 |
2021-09-17 | CVE-2021-31845 | Classic Buffer Overflow vulnerability in Mcafee Data Loss Prevention Discover A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. | 7.3 |
2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | 7.4 |
2021-07-12 | CVE-2021-30639 | Improper Handling of Exceptional Conditions vulnerability in multiple products A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. | 7.5 |
2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
2021-06-29 | CVE-2021-31838 | OS Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0 A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | 9.1 |
2021-06-10 | CVE-2021-31839 | Unspecified vulnerability in Mcafee Agent Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. | 3.3 |
2021-06-10 | CVE-2021-31840 | Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0/5.6.6 A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. | 7.3 |
2021-06-10 | CVE-2020-13938 | Missing Authorization vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | 5.5 |