Vulnerabilities > Mcafee > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-09 | CVE-2021-4038 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. | 4.8 |
2021-12-08 | CVE-2021-31850 | Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. | 6.1 |
2021-11-23 | CVE-2021-31851 | Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1 A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. | 6.1 |
2021-11-23 | CVE-2021-31852 | Cross-site Scripting vulnerability in Mcafee Policy Auditor 5.3.0/5.3.0.167/6.5.1 A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. | 6.1 |
2021-11-01 | CVE-2021-31848 | Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint 11.6.0/11.6.100.41 Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | 6.1 |
2021-10-22 | CVE-2021-31834 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 5.4 |
2021-10-22 | CVE-2021-31835 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. | 4.8 |
2021-09-17 | CVE-2021-31842 | XML Entity Expansion vulnerability in Mcafee Endpoint Security XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | 5.5 |
2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
2021-06-10 | CVE-2020-13938 | Missing Authorization vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | 5.5 |