Vulnerabilities > Mcafee > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2021-4088 | SQL Injection vulnerability in Mcafee Data Loss Prevention 11.6.401 SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. | 7.2 |
| 2022-01-19 | CVE-2021-31854 | OS Command Injection vulnerability in Mcafee Agent A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. | 7.8 |
| 2022-01-19 | CVE-2022-0166 | Uncontrolled Search Path Element vulnerability in Mcafee Agent A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. | 7.8 |
| 2022-01-04 | CVE-2021-31833 | Unspecified vulnerability in Mcafee Application and Change Control Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. | 7.8 |
| 2021-11-10 | CVE-2021-31853 | Uncontrolled Search Path Element vulnerability in Mcafee Drive Encryption DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | 7.8 |
| 2021-11-01 | CVE-2021-31849 | SQL Injection vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41 SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. | 7.2 |
| 2021-10-26 | CVE-2021-23877 | Improper Privilege Management vulnerability in Mcafee Total Protection Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. | 7.8 |
| 2021-10-01 | CVE-2021-23893 | Improper Privilege Management vulnerability in Mcafee Drive Encryption Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | 7.8 |
| 2021-09-22 | CVE-2021-31836 | Unspecified vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. | 7.1 |
| 2021-09-22 | CVE-2021-31841 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. | 7.3 |