Filtered by vendor Mcafee
Subscribe
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0543 | 6 Canonical, Fedoraproject, Intel and 3 more | 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-13935 | 7 Apache, Canonical, Debian and 4 more | 18 Tomcat, Ubuntu Linux, Debian Linux and 15 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | |||||
| CVE-2020-14621 | 7 Canonical, Debian, Fedoraproject and 4 more | 22 Ubuntu Linux, Debian Linux, Fedora and 19 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2020-7303 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 2.3 LOW | 4.1 MEDIUM |
| Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label. | |||||
| CVE-2020-7288 | 2 Apple, Mcafee | 2 Macos, Endpoint Detection And Response | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-2757 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-7266 | 1 Mcafee | 1 Virusscan Enterprise | 2024-02-28 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 3.3 LOW | 6.3 MEDIUM |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | |||||
| CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 2.1 LOW | 5.2 MEDIUM |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | |||||
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-7295 | 1 Mcafee | 1 Web Gateway | 2024-02-28 | 4.1 MEDIUM | 4.6 MEDIUM |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | |||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | |||||
| CVE-2020-7298 | 1 Mcafee | 1 Total Protection | 2024-02-28 | 3.6 LOW | 8.4 HIGH |
| Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | |||||
| CVE-2020-7296 | 1 Mcafee | 1 Web Gateway | 2024-02-28 | 2.7 LOW | 5.7 MEDIUM |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | |||||
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7302 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 5.5 MEDIUM | 6.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | |||||
| CVE-2020-7284 | 1 Mcafee | 1 Network Security Management | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). | |||||
| CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 5.9 MEDIUM | 6.9 MEDIUM |
| Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | |||||
| CVE-2020-2754 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-7291 | 2 Apple, Mcafee | 2 Macos, Active Response | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||