Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Endpoint Security Security Vulnerabilities

cve
cve

CVE-2016-3984

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control ...

5.1CVSS

5AI Score

0.001EPSS

2016-04-08 03:59 PM
35
cve
cve

CVE-2016-8010

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.

7.8CVSS

7.3AI Score

0.0004EPSS

2017-03-14 10:59 PM
21
cve
cve

CVE-2017-4028

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

5CVSS

5AI Score

0.0004EPSS

2018-04-03 10:29 PM
27
cve
cve

CVE-2019-3582

Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.

8.6CVSS

7.5AI Score

0.0004EPSS

2019-02-28 04:00 PM
24
4
cve
cve

CVE-2019-3586

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI ...

7.5CVSS

7.4AI Score

0.001EPSS

2019-05-15 04:29 PM
24
cve
cve

CVE-2019-3652

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

5.3CVSS

5.6AI Score

0.0004EPSS

2019-10-09 04:15 PM
28
cve
cve

CVE-2019-3653

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.

5.5CVSS

5.5AI Score

0.0004EPSS

2019-10-09 04:15 PM
35
cve
cve

CVE-2020-7250

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via ca...

8.2CVSS

7.7AI Score

0.0004EPSS

2020-04-15 01:15 PM
46
cve
cve

CVE-2020-7251

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

5.5CVSS

5.3AI Score

0.0004EPSS

2020-02-14 03:15 PM
40
cve
cve

CVE-2020-7255

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Adm...

4.4CVSS

5.1AI Score

0.0004EPSS

2020-04-15 01:15 PM
27
cve
cve

CVE-2020-7257

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was...

8.4CVSS

6.3AI Score

0.0004EPSS

2020-04-15 12:15 PM
24
cve
cve

CVE-2020-7259

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file

7.8CVSS

7.3AI Score

0.0004EPSS

2020-04-15 12:15 PM
33
cve
cve

CVE-2020-7261

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.

6.1CVSS

5.2AI Score

0.0004EPSS

2020-04-15 12:15 PM
27
cve
cve

CVE-2020-7263

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for e...

6.7CVSS

6.4AI Score

0.0004EPSS

2020-04-01 07:15 AM
37
4
cve
cve

CVE-2020-7264

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved th...

8.8CVSS

7.8AI Score

0.0004EPSS

2020-05-08 12:15 PM
37
cve
cve

CVE-2020-7265

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a ma...

8.8CVSS

7.8AI Score

0.0004EPSS

2020-05-08 12:15 PM
36
cve
cve

CVE-2020-7273

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.

6.7CVSS

5.4AI Score

0.0004EPSS

2020-04-15 12:15 PM
26
cve
cve

CVE-2020-7274

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the...

7.8CVSS

7.6AI Score

0.0004EPSS

2020-04-15 12:15 PM
29
cve
cve

CVE-2020-7275

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.

5.3CVSS

5.7AI Score

0.0004EPSS

2020-04-15 12:15 PM
27
cve
cve

CVE-2020-7276

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

6.7CVSS

6.5AI Score

0.0004EPSS

2020-04-15 12:15 PM
33
cve
cve

CVE-2020-7277

Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.

6.8CVSS

5.1AI Score

0.0004EPSS

2020-04-15 12:15 PM
27
cve
cve

CVE-2020-7278

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules...

7.4CVSS

6.5AI Score

0.001EPSS

2020-04-15 10:15 AM
25
cve
cve

CVE-2020-7308

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining co...

6.5CVSS

6.5AI Score

0.001EPSS

2021-04-15 08:15 AM
30
4
cve
cve

CVE-2020-7319

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

8.8CVSS

8.1AI Score

0.0004EPSS

2020-09-09 10:15 AM
27
cve
cve

CVE-2020-7320

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.

7.3CVSS

6.8AI Score

0.0004EPSS

2020-09-09 10:15 AM
20
cve
cve

CVE-2020-7322

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.

4.7CVSS

4.5AI Score

0.0004EPSS

2020-09-09 10:15 AM
24
cve
cve

CVE-2020-7323

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running ...

6.9CVSS

6.3AI Score

0.001EPSS

2020-09-09 10:15 AM
32
cve
cve

CVE-2020-7331

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

7.8CVSS

7.7AI Score

0.0004EPSS

2020-11-12 10:15 AM
60
cve
cve

CVE-2020-7332

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

8.8CVSS

8.8AI Score

0.001EPSS

2020-11-12 10:15 AM
25
cve
cve

CVE-2020-7333

Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.

4.8CVSS

5AI Score

0.001EPSS

2020-11-12 10:15 AM
29
cve
cve

CVE-2021-23878

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To...

7.3CVSS

5AI Score

0.0004EPSS

2021-02-10 09:15 AM
41
2
cve
cve

CVE-2021-23880

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

6.7CVSS

4.6AI Score

0.0004EPSS

2021-02-10 10:15 AM
23
cve
cve

CVE-2021-23881

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator u...

4.8CVSS

4.7AI Score

0.001EPSS

2021-02-10 11:15 AM
44
cve
cve

CVE-2021-23882

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean install...

8.2CVSS

4.6AI Score

0.0004EPSS

2021-02-10 10:15 AM
35
cve
cve

CVE-2021-23883

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to th...

4.4CVSS

4.4AI Score

0.0004EPSS

2021-02-10 10:15 AM
32
cve
cve

CVE-2021-31842

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing...

5.5CVSS

5.5AI Score

0.0004EPSS

2021-09-17 02:15 PM
33
2
cve
cve

CVE-2021-31843

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended locatio...

7.8CVSS

7.4AI Score

0.0004EPSS

2021-09-17 02:15 PM
38