Filtered by vendor Mcafee Subscriptions
Total 604 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-7336 1 Mcafee 1 Network Security Management 2024-11-21 6.6 Medium
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
CVE-2020-7335 1 Mcafee 1 Total Protection 2024-11-21 7.5 High
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.
CVE-2020-7334 1 Mcafee 1 Application And Change Control 2024-11-21 7.7 High
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.
CVE-2020-7333 1 Mcafee 1 Endpoint Security 2024-11-21 4.8 Medium
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
CVE-2020-7332 1 Mcafee 1 Endpoint Security 2024-11-21 7 High
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
CVE-2020-7331 1 Mcafee 1 Endpoint Security 2024-11-21 7.8 High
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
CVE-2020-7330 1 Mcafee 1 Total Protection 2024-11-21 7.5 High
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables
CVE-2020-7329 1 Mcafee 1 Mvision Endpoint 2024-11-21 7.2 High
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
CVE-2020-7328 1 Mcafee 1 Mvision Endpoint 2024-11-21 7.2 High
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
CVE-2020-7327 1 Mcafee 1 Mvision Endpoint Detection And Response 2024-11-21 6 Medium
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
CVE-2020-7326 1 Mcafee 1 Active Response 2024-11-21 6 Medium
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed
CVE-2020-7325 1 Mcafee 1 Mvision Endpoint 2024-11-21 5.5 Medium
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
CVE-2020-7324 1 Mcafee 1 Mvision Endpoint 2024-11-21 6.1 Medium
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.
CVE-2020-7323 1 Mcafee 1 Endpoint Security 2024-11-21 6.9 Medium
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine.
CVE-2020-7322 1 Mcafee 1 Endpoint Security 2024-11-21 4.7 Medium
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.
CVE-2020-7320 1 Mcafee 1 Endpoint Security 2024-11-21 6.7 Medium
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.
CVE-2020-7319 1 Mcafee 1 Endpoint Security 2024-11-21 8.8 High
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
CVE-2020-7318 1 Mcafee 1 Epolicy Orchestrator 2024-11-21 4.6 Medium
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
CVE-2020-7317 1 Mcafee 1 Epolicy Orchestrator 2024-11-21 4.6 Medium
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
CVE-2020-7316 1 Mcafee 1 File And Removable Media Protection 2024-11-21 6.6 Medium
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered.