Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-3640 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Data Loss Prevention
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.
network
low complexity
mcafee CWE-319
6.5
2019-11-13 CVE-2019-3650 Unspecified vulnerability in Mcafee Advanced Threat Defense
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.
network
low complexity
mcafee
6.5
2019-11-13 CVE-2019-3649 Information Exposure Through Log Files vulnerability in Mcafee Advanced Threat Defense
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.
network
low complexity
mcafee CWE-532
6.5
2019-11-13 CVE-2019-3641 Unspecified vulnerability in Mcafee Threat Intelligence Exchange Server 3.0.0
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.
network
low complexity
mcafee
4.5
2019-11-13 CVE-2019-3648 Untrusted Search Path vulnerability in Mcafee products
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
local
low complexity
mcafee CWE-426
6.7
2019-10-16 CVE-2019-2975 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).
network
high complexity
oracle redhat netapp debian opensuse mcafee canonical
4.8
2019-10-16 CVE-2019-2949 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos).
network
high complexity
oracle debian netapp redhat canonical opensuse mcafee
6.8
2019-10-09 CVE-2019-3653 Unspecified vulnerability in Mcafee Endpoint Security
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
local
low complexity
mcafee
5.5
2019-10-09 CVE-2019-3652 Code Injection vulnerability in Mcafee Endpoint Security
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.
local
low complexity
mcafee CWE-94
5.3
2019-09-18 CVE-2019-3738 Missing Required Cryptographic Step vulnerability in multiple products
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability.
network
low complexity
dell mcafee oracle CWE-325
6.5