Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-7268 | Path Traversal vulnerability in Mcafee Email Gateway Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | 4.3 |
| 2020-09-16 | CVE-2020-7297 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | 5.7 |
| 2020-09-15 | CVE-2020-7296 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | 5.7 |
| 2020-09-15 | CVE-2020-7295 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | 4.6 |
| 2020-09-15 | CVE-2020-7294 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | 4.6 |
| 2020-09-10 | CVE-2020-7315 | Untrusted Search Path vulnerability in Mcafee Agent 5.0.0 DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | 6.7 |
| 2020-09-09 | CVE-2020-7324 | Improper Privilege Management vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | 6.1 |
| 2020-09-09 | CVE-2020-7323 | Improper Authentication vulnerability in Mcafee Endpoint Security Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. | 6.9 |
| 2020-09-09 | CVE-2020-7322 | Information Exposure Through Log Files vulnerability in Mcafee Endpoint Security Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | 4.7 |
| 2020-09-04 | CVE-2020-7299 | Insufficiently Protected Credentials vulnerability in Mcafee True KEY 5.1.165 Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations. | 4.1 |