Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-3670 | Cross-site Scripting vulnerability in Mcafee web Advisor 8.0.0.34239/8.0.34745 Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | 6.1 |
| 2020-02-17 | CVE-2020-7252 | Unquoted Search Path or Element vulnerability in Mcafee Data Exchange Layer Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | 5.5 |
| 2020-02-14 | CVE-2020-7251 | Incorrect Authorization vulnerability in Mcafee Endpoint Security Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | 5.5 |
| 2020-01-15 | CVE-2020-2593 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). | 4.8 |
| 2019-12-03 | CVE-2019-3666 | Unspecified vulnerability in Mcafee Webadvisor API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site. | 6.5 |
| 2019-12-03 | CVE-2019-3665 | Code Injection vulnerability in Mcafee Webadvisor Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | 6.5 |
| 2019-11-14 | CVE-2019-3662 | Path Traversal vulnerability in Mcafee Advanced Threat Defense Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | 6.5 |
| 2019-11-14 | CVE-2019-3640 | Cleartext Transmission of Sensitive Information vulnerability in Mcafee Data Loss Prevention Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. | 6.5 |
| 2019-11-13 | CVE-2019-3650 | Unspecified vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. | 6.5 |
| 2019-11-13 | CVE-2019-3649 | Information Exposure Through Log Files vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | 6.5 |