Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-14 CVE-2020-7318 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.10.9
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
low complexity
mcafee CWE-79
4.3
2020-10-14 CVE-2020-7317 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitised.
low complexity
mcafee CWE-79
4.3
2020-09-16 CVE-2020-7268 Path Traversal vulnerability in Mcafee Email Gateway
Path Traversal vulnerability in McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.
network
low complexity
mcafee CWE-22
4.3
2020-09-16 CVE-2020-7297 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7296 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7295 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
low complexity
mcafee CWE-287
4.6
2020-09-15 CVE-2020-7294 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
low complexity
mcafee CWE-287
4.6
2020-09-10 CVE-2020-7315 Untrusted Search Path vulnerability in Mcafee Agent 5.0.0
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
local
low complexity
mcafee CWE-426
6.7
2020-09-09 CVE-2020-7324 Improper Privilege Management vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.
local
low complexity
mcafee CWE-269
6.1
2020-09-09 CVE-2020-7323 Improper Authentication vulnerability in Mcafee Endpoint Security
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges.
high complexity
mcafee CWE-287
6.9