Filtered by vendor Mcafee
Subscribe
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2023-12-10 | 3.3 LOW | 6.9 MEDIUM |
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | |||||
CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | |||||
CVE-2020-14579 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2023-12-10 | 2.1 LOW | 5.2 MEDIUM |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | |||||
CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | |||||
CVE-2020-7298 | 1 Mcafee | 1 Total Protection | 2023-12-10 | 3.6 LOW | 8.4 HIGH |
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | |||||
CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | |||||
CVE-2020-7279 | 1 Mcafee | 1 Host Intrusion Prevention | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. | |||||
CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | |||||
CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2023-12-10 | 6.9 MEDIUM | 8.2 HIGH |
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | |||||
CVE-2020-7323 | 1 Mcafee | 1 Endpoint Security | 2023-12-10 | 5.9 MEDIUM | 6.9 MEDIUM |
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | |||||
CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||
CVE-2020-7294 | 1 Mcafee | 1 Web Gateway | 2023-12-10 | 4.1 MEDIUM | 4.6 MEDIUM |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | |||||
CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | |||||
CVE-2020-7285 | 1 Mcafee | 1 Mvision Endpoint | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
CVE-2020-7281 | 1 Mcafee | 1 Total Protection | 2023-12-10 | 1.9 LOW | 6.3 MEDIUM |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. |