Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-4038 Cross-site Scripting vulnerability in McAfee Network Security Manager
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed an XSS in the administrator interface via specially crafted custom rules containing HTML.
network
low complexity
mcafee CWE-79
4.8
2021-12-08 CVE-2021-31850 Files or Directories Accessible to External Parties vulnerability in McAfee Database Security
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server.
network
low complexity
mcafee CWE-552
6.1
2021-11-23 CVE-2021-31851 Cross-site Scripting vulnerability in McAfee Policy Auditor 5.3.0/5.3.0.167/6.5.1
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters.
network
low complexity
mcafee CWE-79
6.1
2021-11-23 CVE-2021-31852 Cross-site Scripting vulnerability in McAfee Policy Auditor 5.3.0/5.3.0.167/6.5.1
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter.
network
low complexity
mcafee CWE-79
6.1
2021-11-01 CVE-2021-31848 Cross-site Scripting vulnerability in McAfee Data Loss Prevention Endpoint 11.6.0/11.6.100.41
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing the logged-in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
network
low complexity
mcafee CWE-79
6.1
2021-10-22 CVE-2021-31834 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
5.4
2021-10-22 CVE-2021-31835 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
4.8
2021-09-17 CVE-2021-31842 XML Entity Expansion vulnerability in McAfee Endpoint Security
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
local
low complexity
mcafee CWE-776
5.5
2021-07-21 CVE-2021-2432 Vulnerability in the Java SE product of Oracle Java SE (component: JNDI).
network
oracle mcafee
4.3
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3