Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-18 | CVE-2020-7343 | Missing Authorization vulnerability in Mcafee Agent Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. | 5.5 |
| 2021-01-13 | CVE-2021-1258 | Improper Privilege Management vulnerability in multiple products A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. | 5.5 |
| 2021-01-05 | CVE-2020-7336 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Management 10.0/10.1.7.7/9.0 Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. | 6.5 |
| 2020-12-10 | CVE-2020-7339 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mcafee Database Security 4.6.6 Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. | 6.3 |
| 2020-12-09 | CVE-2020-7337 | Unspecified vulnerability in Mcafee Virusscan Enterprise Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. | 6.7 |
| 2020-11-12 | CVE-2020-7333 | Cross-site Scripting vulnerability in Mcafee Endpoint Security Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | 4.8 |
| 2020-10-15 | CVE-2020-7327 | Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0 Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | 6.7 |
| 2020-10-15 | CVE-2020-7326 | Authentication Bypass by Spoofing vulnerability in Mcafee Active Response Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | 6.7 |
| 2020-10-14 | CVE-2020-7318 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.10.9 Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 4.3 |
| 2020-10-14 | CVE-2020-7317 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. | 4.3 |