Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-13 CVE-2019-3646 Untrusted Search Path vulnerability in Mcafee Total Protection 16.0.36/16.0.R18
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
local
low complexity
mcafee CWE-426
6.5
2019-09-09 CVE-2019-16168 Divide By Zero vulnerability in multiple products
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
6.5
2019-08-21 CVE-2019-3634 Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.
local
low complexity
mcafee CWE-125
5.5
2019-08-21 CVE-2019-3633 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.
local
low complexity
mcafee CWE-119
5.5
2019-08-14 CVE-2019-3637 Unspecified vulnerability in Mcafee File and Removable Media Protection
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
local
low complexity
mcafee
6.7
2019-08-14 CVE-2019-3635 Unspecified vulnerability in Mcafee web Gateway
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
network
low complexity
mcafee
6.5
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.5
2019-07-26 CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. 4.9
2019-07-25 CVE-2019-3621 Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked.
low complexity
mcafee
6.2
2019-07-24 CVE-2019-3595 OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine.
local
low complexity
mcafee CWE-78
6.5