15 matches found
CVE-2020-7331
CVE-2020-7331 describes an issue in McAfee Endpoint Security (ENS) for Windows, where an unquoted service executable path in ENS prior to the 10.7.0 November 2020 Update allows a local user to cause a denial of service and execute malicious files by placing a crafted executable. Public sources (N...
CVE-2021-23878
CVE-2021-23878 affects McAfee Endpoint Security for Windows prior to 10.7.0 (Feb 2021 Update). The issue is clear-text storage of sensitive information in memory, enabling a local user to view ENS settings and credentials by reading process memory shortly after an administrator applies a configur...
CVE-2021-31843
CVE-2021-31843 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Sept 2021 Update. The vulnerability is due to improper privileges management that allows a local user to access files they normally cannot by manipulating junction links to redirect McAfee folder operations to an un...
CVE-2021-23881
CVE-2021-23881 is a stored XSS vulnerability in the ePO extension of McAfee Endpoint Security (ENS) for Windows, present before the 10.7.0 February 2021 Update. The issue allows an ENS ePO administrator to inject a script into a policy event that will run through a browser block page when a local...
CVE-2020-7251
The CVE-2020-7251 issue affects McAfee Endpoint Security (ENS) for Windows specifically its Configuration Tool. The root cause is improper access control in the Configuration Tool prior to ENS 10.6.1 (February 2020 Update), enabling local users to disable security features via unauthorized use of...
CVE-2021-23882
CVE-2021-23882 affects McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 February 2021 Update. The issue is an Improper Access Control vulnerability that lets local administrators prevent installation of some ENS files by placing crafted files in the install location. It is described...
CVE-2021-23880
CVE-2021-23880 affects McAfee Endpoint Security (ENS) for Windows pre-10.7.0 February 2021 Update. An attribute in ENS allows an authenticated local administrator to uninstall the anti‑malware engine by executing a specific command with correct parameters (improper access control). Public sources...
CVE-2021-23883
This entry describes CVE-2021-23883: a Null Pointer Dereference in McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 February 2021 Update. The flaw allows a local administrator to crash Windows by invoking a specific system call that is not handled correctly, with impact described as...
CVE-2021-31842
The CVE-2021-31842 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 (Sept 2021 Update). The root cause is an XML Entity Expansion injection in EPDeploy.xml processing, enabling a local user to trigger high CPU and memory usage and cause a Denial of Service. Documents consi...
CVE-2020-7333
CVE-2020-7333 is a cross-site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) for Windows, present in versions prior to 10.7.0 (November 2020 Update). The vulnerability allows an attacker with admin access to inject arbitrary web script or HTML via the conf...
CVE-2020-7323
McAfee Endpoint Security (ENS) for Windows is affected up to version 10.7.0. The issue is an Authentication Protection Bypass where a local, physically present attacker can bypass the Windows lock screen by triggering certain ENS detection events while McTray.exe is running with elevated privileg...
CVE-2020-7319
CVE-2020-7319 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. The root issue is improper access control allowing local users to access files they should not reach by manipulating symbolic links that redirect McAfee file operations to unintended files. Impact indicators from th...
CVE-2020-7332
CVE-2020-7332 is a CSRF in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update. The root cause is an incorrect security configuration that allows an attacker to execute arbitrary HTML code. Affected product: McAfee ENS with the firewall ePO extension ...
CVE-2020-7322
CVE-2020-7322 affects McAfee Endpoint Security (ENS) for Windows prior to version 10.7.0. The issue is an information-disclosure in which sensitive data could be exposed via incorrect logging of sensitive information in debug logs. Affected product: ENS for Windows; root cause: improper logging. ...
CVE-2020-7320
The CVE-2020-7320 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. It is described as a Protection Mechanism Failure that lets a local administrator temporarily degrade detection by stopping certain Microsoft services, enabling malware that would otherwise be detected to ...