Vulnerabilities > Mcafee > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-11-17 | CVE-2023-5444 | Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePolicy Orchestrator | A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. | network | low | mcafee | CWE-352 | 8.0 |
| 2023-08-21 | CVE-2023-40352 | Uncontrolled Search Path Element vulnerability in McAfee Safe Connect | McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | network | low | mcafee | CWE-427 | 7.2 |
| 2022-11-23 | CVE-2022-43751 | Uncontrolled Search Path Element vulnerability in McAfee Total Protection | McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. | local | low | mcafee | CWE-427 | 7.8 |
| 2022-07-27 | CVE-2022-2313 | Uncontrolled Search Path Element vulnerability in McAfee Agent | A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7 allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. | local | low | mcafee | CWE-427 | 7.3 |
| 2022-06-20 | CVE-2022-1823 | Unspecified vulnerability in McAfee Consumer Product Removal Tool | Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. | local | low | mcafee | | 7.8 |
| 2022-06-20 | CVE-2022-1824 | Uncontrolled Search Path Element vulnerability in McAfee Consumer Product Removal Tool | An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. | local | low | mcafee | CWE-427 | 8.2 |
| 2022-04-14 | CVE-2022-1256 | Link Following vulnerability in McAfee Agent | A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. | local | low | mcafee | CWE-59 | 7.8 |
| 2022-04-14 | CVE-2022-1258 | SQL Injection vulnerability in McAfee Agent | A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | network | low | mcafee | CWE-89 | 7.2 |
| 2022-03-10 | CVE-2022-0815 | Exposure of Resource to Wrong Sphere vulnerability in McAfee WebAdvisor 4.1.1.48 | Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. | network | low | mcafee | CWE-668 | 7.3 |
| 2022-01-24 | CVE-2021-4088 | SQL Injection vulnerability in McAfee Data Loss Prevention 11.6.401 | SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. | network | low | mcafee | CWE-89 | 7.2 |