Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-17 CVE-2023-5445 Open Redirect vulnerability in Mcafee Epolicy Orchestrator
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site.
network
low complexity
mcafee CWE-601
5.4
2023-07-26 CVE-2023-3946 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2023-03-21 CVE-2023-25134 Unspecified vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry.
local
low complexity
mcafee
6.7
2023-03-13 CVE-2023-0978 Command Injection vulnerability in multiple products
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings.
local
low complexity
mcafee trellix CWE-77
6.7
2023-03-13 CVE-2023-24577 Link Following vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys.
local
low complexity
mcafee CWE-59
5.5
2023-03-13 CVE-2023-24578 Uncontrolled Search Path Element vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading.
local
low complexity
mcafee CWE-427
5.5
2023-03-13 CVE-2023-24579 Unspecified vulnerability in Mcafee Total Protection
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
local
low complexity
mcafee
5.5
2023-01-13 CVE-2023-0221 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
local
low complexity
mcafee CWE-269
4.4
2022-11-07 CVE-2022-2188 Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Data Exchange Layer
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory.
local
low complexity
mcafee CWE-732
5.5
2022-10-18 CVE-2022-3338 XXE vulnerability in Mcafee Epolicy Orchestrator
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack.
network
high complexity
mcafee CWE-611
5.4