Filtered by vendor Mcafee
Subscribe
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7327 | 1 Mcafee | 1 Mvision Endpoint Detection And Response | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | |||||
CVE-2020-7297 | 1 Mcafee | 1 Web Gateway | 2024-02-28 | 2.7 LOW | 5.7 MEDIUM |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | |||||
CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | |||||
CVE-2020-7314 | 1 Mcafee | 1 Mcafee Agent | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | |||||
CVE-2020-7312 | 1 Mcafee | 1 Mcafee Agent | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | |||||
CVE-2020-7325 | 1 Mcafee | 1 Mvision Endpoint | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | |||||
CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||
CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2024-02-28 | 6.9 MEDIUM | 8.2 HIGH |
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | |||||
CVE-2020-7292 | 1 Mcafee | 1 Web Gateway | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. | |||||
CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 2.1 LOW | 5.2 MEDIUM |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | |||||
CVE-2020-7281 | 1 Mcafee | 1 Total Protection | 2024-02-28 | 1.9 LOW | 6.3 MEDIUM |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
CVE-2020-14578 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | |||||
CVE-2020-7301 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 3.5 LOW | 4.6 MEDIUM |
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. | |||||
CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | |||||
CVE-2020-2755 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | |||||
CVE-2020-7262 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. |