Vulnerabilities > Mcafee > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-7314 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Agent Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | 7.8 |
| 2020-09-10 | CVE-2020-7312 | Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0 DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | 7.8 |
| 2020-09-10 | CVE-2020-7311 | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0 Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | 7.0 |
| 2020-09-09 | CVE-2020-7325 | Link Following vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 7.8 |
| 2020-09-09 | CVE-2020-7320 | Unspecified vulnerability in Mcafee Endpoint Security Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | 7.3 |
| 2020-09-09 | CVE-2020-7319 | Link Following vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 8.8 |
| 2020-08-13 | CVE-2020-7304 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Data Loss Prevention Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. | 7.6 |
| 2020-08-05 | CVE-2020-7298 | Unspecified vulnerability in Mcafee Total Protection Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | 8.4 |
| 2020-07-14 | CVE-2020-13935 | Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. | 7.5 |
| 2020-07-03 | CVE-2020-7284 | Information Exposure vulnerability in Mcafee Network Security Management 10.0/9.0 Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). | 7.8 |