Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-31832 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field.
network
low complexity
mcafee CWE-79
4.8
2021-06-09 CVE-2021-31837 Out-of-bounds Write vulnerability in Mcafee Getsusp 3.0.0.461
Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.
local
low complexity
mcafee CWE-787
7.8
2021-06-03 CVE-2021-31830 Cross-site Scripting vulnerability in Mcafee Database Security 4.6.6/4.8.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored.
network
low complexity
mcafee CWE-79
4.8
2021-06-03 CVE-2021-31831 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console.
low complexity
mcafee CWE-552
5.5
2021-06-02 CVE-2021-23896 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Database Security 4.6.6/4.8.0
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server.
low complexity
mcafee CWE-319
4.5
2021-06-02 CVE-2021-23894 Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
low complexity
mcafee CWE-502
8.8
2021-06-02 CVE-2021-23895 Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
low complexity
mcafee CWE-502
8.0
2021-05-12 CVE-2021-23872 Link Following vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
local
low complexity
mcafee CWE-59
7.8
2021-05-12 CVE-2021-23891 Improper Privilege Management vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
local
low complexity
mcafee CWE-269
7.8
2021-05-12 CVE-2021-23892 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee Endpoint Security for Linux Threat Prevention
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
local
high complexity
mcafee CWE-367
7.0