Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-14 CVE-2019-3637 Unspecified vulnerability in Mcafee File and Removable Media Protection
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
local
low complexity
mcafee
6.7
2019-08-14 CVE-2019-3635 Unspecified vulnerability in Mcafee web Gateway
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
network
low complexity
mcafee
6.5
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.5
2019-07-25 CVE-2019-3621 Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked.
low complexity
mcafee
6.2
2019-07-24 CVE-2019-3595 OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine.
local
low complexity
mcafee CWE-78
6.5
2019-07-24 CVE-2019-3591 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection.
network
low complexity
mcafee CWE-79
6.1
2019-07-23 CVE-2019-2816 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle debian opensuse hp mcafee canonical redhat
4.8
2019-07-23 CVE-2019-2769 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle debian canonical redhat hp mcafee opensuse
5.3
2019-07-23 CVE-2019-2762 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle canonical opensuse debian redhat mcafee hp
5.3
2019-07-23 CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).
local
high complexity
oracle debian canonical opensuse mcafee hp
5.1