Filtered by vendor Mcafee
Subscriptions
Total
604 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7336 | 1 Mcafee | 1 Network Security Management | 2024-11-21 | 6.6 Medium |
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. | ||||
CVE-2020-7335 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. | ||||
CVE-2020-7334 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 7.7 High |
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. | ||||
CVE-2020-7333 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.8 Medium |
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | ||||
CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7 High |
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | ||||
CVE-2020-7331 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.8 High |
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | ||||
CVE-2020-7330 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | ||||
CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 7.2 High |
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | ||||
CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 7.2 High |
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. | ||||
CVE-2020-7327 | 1 Mcafee | 1 Mvision Endpoint Detection And Response | 2024-11-21 | 6 Medium |
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | ||||
CVE-2020-7326 | 1 Mcafee | 1 Active Response | 2024-11-21 | 6 Medium |
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | ||||
CVE-2020-7325 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 5.5 Medium |
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
CVE-2020-7324 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 6.1 Medium |
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | ||||
CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.9 Medium |
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | ||||
CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.7 Medium |
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | ||||
CVE-2020-7320 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.7 Medium |
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | ||||
CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
CVE-2020-7318 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.6 Medium |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | ||||
CVE-2020-7317 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.6 Medium |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. | ||||
CVE-2020-7316 | 1 Mcafee | 1 File And Removable Media Protection | 2024-11-21 | 6.6 Medium |
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered. |