Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-7257 Improper Privilege Management vulnerability in Mcafee Endpoint Security
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress.
local
high complexity
mcafee CWE-269
6.3
2020-04-15 CVE-2020-7278 Missing Authorization vulnerability in Mcafee Endpoint Security
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.
network
low complexity
mcafee CWE-862
6.5
2020-04-01 CVE-2020-7263 Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Endpoint Security
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
local
low complexity
mcafee CWE-732
6.7
2020-03-18 CVE-2020-7258 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
network
low complexity
mcafee CWE-79
4.8
2020-03-18 CVE-2020-7256 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
network
low complexity
mcafee CWE-79
4.8
2020-03-12 CVE-2020-7253 Improper Input Validation vulnerability in Mcafee Agent
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
local
low complexity
mcafee CWE-20
4.4
2020-02-24 CVE-2019-3670 Cross-site Scripting vulnerability in Mcafee web Advisor 8.0.0.34239/8.0.34745
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.
network
low complexity
mcafee CWE-79
6.1
2020-02-17 CVE-2020-7252 Unquoted Search Path or Element vulnerability in Mcafee Data Exchange Layer
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
local
low complexity
mcafee CWE-428
5.5
2020-02-14 CVE-2020-7251 Incorrect Authorization vulnerability in Mcafee Endpoint Security
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.
local
low complexity
mcafee CWE-863
5.5
2020-01-15 CVE-2020-2654 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). 4.3