Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-14782 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 4.3
2020-10-15 CVE-2020-7327 Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
local
low complexity
mcafee CWE-290
6.7
2020-10-15 CVE-2020-7326 Authentication Bypass by Spoofing vulnerability in Mcafee Active Response
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed
local
low complexity
mcafee CWE-290
6.7
2020-10-14 CVE-2020-7318 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.10.9
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
low complexity
mcafee CWE-79
4.3
2020-10-14 CVE-2020-7317 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
low complexity
mcafee CWE-79
4.3
2020-09-16 CVE-2020-7268 Path Traversal vulnerability in Mcafee Email Gateway
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.
network
low complexity
mcafee CWE-22
4.3
2020-09-16 CVE-2020-7297 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7296 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7295 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
low complexity
mcafee CWE-287
4.6
2020-09-15 CVE-2020-7294 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
low complexity
mcafee CWE-287
4.6