Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-7322 | Information Exposure Through Log Files vulnerability in Mcafee Endpoint Security Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | 4.7 |
| 2020-09-04 | CVE-2020-7299 | Insufficiently Protected Credentials vulnerability in Mcafee True KEY 5.1.165 Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations. | 4.1 |
| 2020-08-26 | CVE-2020-7309 | Cross-site Scripting vulnerability in Mcafee Application and Change Control Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | 4.8 |
| 2020-08-21 | CVE-2020-7310 | Improper Privilege Management vulnerability in Mcafee Total Protection Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | 6.9 |
| 2020-08-13 | CVE-2020-7307 | Insufficiently Protected Credentials vulnerability in Mcafee Data Loss Prevention Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | 5.2 |
| 2020-08-13 | CVE-2020-7306 | Insufficiently Protected Credentials vulnerability in Mcafee Data Loss Prevention Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | 5.2 |
| 2020-08-13 | CVE-2020-7305 | Improper Privilege Management vulnerability in Mcafee Data Loss Prevention Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. | 6.5 |
| 2020-08-13 | CVE-2020-7303 | Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. | 4.1 |
| 2020-08-13 | CVE-2020-7302 | Unrestricted Upload of File with Dangerous Type vulnerability in Mcafee Data Loss Prevention Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | 6.4 |
| 2020-08-12 | CVE-2020-7301 | Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. | 4.6 |