Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-31832 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field.
network
low complexity
mcafee CWE-79
4.8
2021-06-03 CVE-2021-31830 Cross-site Scripting vulnerability in Mcafee Database Security 4.6.6/4.8.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored.
network
low complexity
mcafee CWE-79
4.8
2021-06-03 CVE-2021-31831 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console.
low complexity
mcafee CWE-552
5.5
2021-06-02 CVE-2021-23896 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Database Security 4.6.6/4.8.0
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server.
low complexity
mcafee CWE-319
4.5
2021-04-22 CVE-2021-2161 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
network
high complexity
oracle debian fedoraproject netapp mcafee
5.9
2021-04-15 CVE-2021-23886 Improper Handling of Exceptional Conditions vulnerability in Mcafee Data Loss Prevention Endpoint
Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it.
local
low complexity
mcafee CWE-755
5.5
2021-04-15 CVE-2021-23884 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Content Security Reporter
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
low complexity
mcafee CWE-319
4.3
2021-04-15 CVE-2020-7308 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Endpoint Security
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS.
network
low complexity
mcafee CWE-319
6.5
2021-04-15 CVE-2020-7270 Unspecified vulnerability in Mcafee Advanced Threat Defense
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter.
network
low complexity
mcafee
4.3
2021-04-15 CVE-2020-7269 Unspecified vulnerability in Mcafee Advanced Threat Defense
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter.
network
low complexity
mcafee
4.3