Vulnerabilities > Mcafee > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-24 | CVE-2019-3622 | Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | 8.2 |
| 2019-06-27 | CVE-2019-3632 | Path Traversal vulnerability in Mcafee Enterprise Security Manager Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | 8.8 |
| 2019-06-27 | CVE-2019-3631 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
| 2019-06-27 | CVE-2019-3630 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
| 2019-06-27 | CVE-2019-3628 | Unspecified vulnerability in Mcafee Enterprise Security Manager Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | 8.8 |
| 2019-05-15 | CVE-2019-3586 | Unspecified vulnerability in Mcafee Endpoint Security Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection. | 7.5 |
| 2019-04-23 | CVE-2019-2602 | Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 7.5 |
| 2019-02-28 | CVE-2019-3599 | Unspecified vulnerability in Mcafee Agent Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | 7.5 |
| 2019-02-28 | CVE-2019-3582 | Unspecified vulnerability in Mcafee Endpoint Security Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. | 7.8 |
| 2019-02-01 | CVE-2019-3604 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | 8.8 |