4264 matches found
CVE-2020-7297
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface...
CVE-2020-7307
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention DLP for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials...
CVE-2020-7316
Unquoted service path vulnerability in McAfee File and Removable Media Protection FRP prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered...
CVE-2020-7303
Cross Site scripting vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label...
CVE-2020-7317
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...
CVE-2020-7300
Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...
CVE-2020-7308
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining...
CVE-2020-7258
Cross site scripting vulnerability in McAfee Network Security Management NSM Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors...
CVE-2020-7294
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface...
CVE-2020-7339
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors...
CVE-2020-7296
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...
CVE-2020-7269
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...
CVE-2020-7252
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer DXL Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...
CVE-2020-7270
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...
CVE-2020-7306
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention DLP for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text...
CVE-2021-31848
Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...
CVE-2021-31840
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...
CVE-2021-31853
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption MDE prior to 7.3.0 HF2 7.3.0.183 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder...
CVE-2021-31844
A buffer overflow vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro .sam files onto the local system and triggering a DLP Endpoint scan...
CVE-2021-31849
SQL injection vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension...