Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-26 CVE-2021-23890 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server.
network
low complexity
mcafee CWE-200
6.5
2021-03-26 CVE-2021-23889 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
4.8
2021-03-26 CVE-2021-23888 Open Redirect vulnerability in Mcafee Epolicy Orchestrator
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
network
low complexity
mcafee CWE-601
6.3
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-15 CVE-2021-23879 Unquoted Search Path or Element vulnerability in Mcafee Endpoint Product Removal Tool
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder.
local
low complexity
mcafee CWE-428
6.7
2021-02-10 CVE-2021-23881 Cross-site Scripting vulnerability in Mcafee Endpoint Security
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
network
low complexity
mcafee CWE-79
4.8
2021-02-10 CVE-2021-23873 Link Following vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.
local
low complexity
mcafee CWE-59
6.1
2021-02-10 CVE-2021-23883 NULL Pointer Dereference vulnerability in Mcafee Endpoint Security
A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly.
local
low complexity
mcafee CWE-476
4.4
2021-02-10 CVE-2021-23882 Unspecified vulnerability in Mcafee Endpoint Security
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed.
local
low complexity
mcafee
4.4
2021-02-10 CVE-2021-23880 Unspecified vulnerability in Mcafee Endpoint Security
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
local
low complexity
mcafee
4.4