Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-13 CVE-2019-3648 Untrusted Search Path vulnerability in Mcafee products
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
local
low complexity
mcafee CWE-426
6.7
2019-10-16 CVE-2019-2975 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).
network
high complexity
oracle redhat netapp debian opensuse mcafee canonical
4.8
2019-10-16 CVE-2019-2949 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos).
network
high complexity
oracle debian netapp redhat canonical opensuse mcafee
6.8
2019-10-09 CVE-2019-3653 Unspecified vulnerability in Mcafee Endpoint Security
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
local
low complexity
mcafee
5.5
2019-10-09 CVE-2019-3652 Code Injection vulnerability in Mcafee Endpoint Security
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.
local
low complexity
mcafee CWE-94
5.3
2019-09-18 CVE-2019-3738 Missing Required Cryptographic Step vulnerability in multiple products
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability.
network
low complexity
dell mcafee oracle CWE-325
6.5
2019-09-13 CVE-2019-3646 Untrusted Search Path vulnerability in Mcafee Total Protection 16.0.36/16.0.R18
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
local
low complexity
mcafee CWE-426
6.5
2019-09-09 CVE-2019-16168 Divide By Zero vulnerability in multiple products
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
6.5
2019-08-21 CVE-2019-3634 Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.
local
low complexity
mcafee CWE-125
5.5
2019-08-21 CVE-2019-3633 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.
local
low complexity
mcafee CWE-119
5.5