Vulnerabilities > Mcafee > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-7259 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | 7.8 |
| 2020-03-26 | CVE-2020-7260 | Untrusted Search Path vulnerability in Mcafee Application and Change Control DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | 7.8 |
| 2020-03-12 | CVE-2020-7254 | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | 7.8 |
| 2020-01-15 | CVE-2020-2604 | Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 8.1 |
| 2019-12-11 | CVE-2019-3667 | Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17 DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | 7.8 |
| 2019-11-22 | CVE-2019-3654 | Improper Authentication vulnerability in Mcafee Client Proxy Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator. | 8.6 |
| 2019-11-14 | CVE-2019-3663 | Insufficiently Protected Credentials vulnerability in Mcafee Advanced Threat Defense Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. | 7.8 |
| 2019-11-14 | CVE-2019-3661 | SQL Injection vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | 8.8 |
| 2019-11-13 | CVE-2019-3660 | Unspecified vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | 8.8 |
| 2019-11-13 | CVE-2019-3651 | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | 8.8 |