Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-10 CVE-2020-7315 Untrusted Search Path vulnerability in Mcafee Agent 5.0.0
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
local
low complexity
mcafee CWE-426
6.7
2020-09-09 CVE-2020-7324 Improper Privilege Management vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.
local
low complexity
mcafee CWE-269
6.1
2020-09-09 CVE-2020-7323 Improper Authentication vulnerability in Mcafee Endpoint Security
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges.
high complexity
mcafee CWE-287
6.9
2020-09-09 CVE-2020-7322 Information Exposure Through Log Files vulnerability in Mcafee Endpoint Security
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.
local
high complexity
mcafee CWE-532
4.7
2020-09-04 CVE-2020-7299 Insufficiently Protected Credentials vulnerability in Mcafee True KEY 5.1.165
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
local
high complexity
mcafee CWE-522
4.1
2020-08-26 CVE-2020-7309 Cross-site Scripting vulnerability in Mcafee Application and Change Control
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.
network
low complexity
mcafee CWE-79
4.8
2020-08-21 CVE-2020-7310 Improper Privilege Management vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.
local
high complexity
mcafee CWE-269
6.9
2020-08-13 CVE-2020-7307 Insufficiently Protected Credentials vulnerability in Mcafee Data Loss Prevention
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
local
low complexity
mcafee CWE-522
5.2
2020-08-13 CVE-2020-7306 Insufficiently Protected Credentials vulnerability in Mcafee Data Loss Prevention
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
local
low complexity
mcafee CWE-522
5.2
2020-08-13 CVE-2020-7305 Improper Privilege Management vulnerability in Mcafee Data Loss Prevention
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.
network
low complexity
mcafee CWE-269
6.5