Vulnerabilities (CVE)

Filtered by vendor Mcafee Subscribe
Total 603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7327 1 Mcafee 1 Mvision Endpoint Detection And Response 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
CVE-2020-7297 1 Mcafee 1 Web Gateway 2024-02-28 2.7 LOW 5.7 MEDIUM
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
CVE-2020-7268 1 Mcafee 1 Email Gateway 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.
CVE-2020-7314 1 Mcafee 1 Mcafee Agent 2024-02-28 7.2 HIGH 7.8 HIGH
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.
CVE-2020-7312 1 Mcafee 1 Mcafee Agent 2024-02-28 4.6 MEDIUM 7.8 HIGH
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
CVE-2020-7325 1 Mcafee 1 Mvision Endpoint 2024-02-28 4.6 MEDIUM 7.8 HIGH
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.
CVE-2020-7250 1 Mcafee 1 Endpoint Security 2024-02-28 4.6 MEDIUM 7.8 HIGH
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.
CVE-2019-3617 1 Mcafee 1 Total Protection 2024-02-28 6.9 MEDIUM 8.2 HIGH
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.
CVE-2020-7292 1 Mcafee 1 Web Gateway 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
CVE-2020-7290 2 Linux, Mcafee 2 Linux Kernel, Active Response 2024-02-28 4.6 MEDIUM 7.8 HIGH
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
CVE-2020-7306 1 Mcafee 1 Data Loss Prevention 2024-02-28 2.1 LOW 5.2 MEDIUM
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
CVE-2020-7281 1 Mcafee 1 Total Protection 2024-02-28 1.9 LOW 6.3 MEDIUM
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
CVE-2020-14578 7 Canonical, Debian, Fedoraproject and 4 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-02-28 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-7315 1 Mcafee 1 Mcafee Agent 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
CVE-2020-7301 1 Mcafee 1 Data Loss Prevention 2024-02-28 3.5 LOW 4.6 MEDIUM
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
CVE-2020-7261 1 Mcafee 1 Endpoint Security 2024-02-28 2.1 LOW 5.5 MEDIUM
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.
CVE-2020-7277 1 Mcafee 1 Endpoint Security 2024-02-28 4.6 MEDIUM 5.3 MEDIUM
Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.
CVE-2020-2755 7 Canonical, Debian, Fedoraproject and 4 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-02-28 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-7273 1 Mcafee 1 Endpoint Security 2024-02-28 2.1 LOW 5.5 MEDIUM
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
CVE-2020-7262 1 Mcafee 1 Advanced Threat Defense 2024-02-28 2.1 LOW 5.5 MEDIUM
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.