Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-7300 Incorrect Authorization vulnerability in Mcafee Data Loss Prevention
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
network
low complexity
mcafee CWE-863
6.3
2020-07-15 CVE-2020-14621 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). 5.3
2020-07-15 CVE-2020-7292 Inappropriate Encoding for Output Context vulnerability in Mcafee web Gateway
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
network
low complexity
mcafee CWE-838
4.3
2020-07-14 CVE-2020-15719 Improper Certificate Validation vulnerability in multiple products
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support.
network
high complexity
openldap redhat opensuse mcafee oracle CWE-295
4.2
2020-07-03 CVE-2020-7282 Link Following vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file.
local
high complexity
mcafee CWE-59
6.3
2020-07-03 CVE-2020-7281 Improper Privilege Management vulnerability in Mcafee Total Protection
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file.
local
high complexity
mcafee CWE-269
6.3
2020-06-22 CVE-2020-7262 Information Exposure vulnerability in Mcafee Advanced Threat Defense
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
local
low complexity
mcafee CWE-200
5.5
2020-06-15 CVE-2020-0543 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-06-10 CVE-2019-3588 Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.
low complexity
mcafee CWE-269
6.8
2020-04-15 CVE-2020-2830 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 5.3