Lucene search

K

15 matches found

CVE
CVE
added 2020/11/12 10:15 a.m.81 views

CVE-2020-7331

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

7.8CVSS7.5AI score0.00048EPSS
CVE
CVE
added 2021/09/17 2:15 p.m.58 views

CVE-2021-31843

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended locatio...

7.8CVSS7.2AI score0.00102EPSS
CVE
CVE
added 2021/02/10 9:15 a.m.57 views

CVE-2021-23878

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To...

7.3CVSS5.9AI score0.00165EPSS
CVE
CVE
added 2021/02/10 11:15 a.m.55 views

CVE-2021-23881

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator u...

4.8CVSS5.2AI score0.0031EPSS
CVE
CVE
added 2020/02/14 3:15 p.m.51 views

CVE-2020-7251

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.

5.5CVSS5.2AI score0.00112EPSS
CVE
CVE
added 2021/02/10 10:15 a.m.46 views

CVE-2021-23882

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean install...

8.2CVSS5.6AI score0.00048EPSS
CVE
CVE
added 2021/09/17 2:15 p.m.45 views

CVE-2021-31842

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing...

5.5CVSS5.5AI score0.00048EPSS
CVE
CVE
added 2021/02/10 10:15 a.m.44 views

CVE-2021-23883

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to th...

4.9CVSS4.7AI score0.00063EPSS
CVE
CVE
added 2021/02/10 10:15 a.m.43 views

CVE-2021-23880

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

6.7CVSS5.1AI score0.00051EPSS
CVE
CVE
added 2020/09/09 10:15 a.m.41 views

CVE-2020-7323

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running ...

6.9CVSS6.4AI score0.00053EPSS
CVE
CVE
added 2020/09/09 10:15 a.m.39 views

CVE-2020-7319

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.

8.8CVSS8.4AI score0.00054EPSS
CVE
CVE
added 2020/11/12 10:15 a.m.39 views

CVE-2020-7333

Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.

4.8CVSS5.3AI score0.00351EPSS
CVE
CVE
added 2020/11/12 10:15 a.m.36 views

CVE-2020-7332

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

8.8CVSS8.2AI score0.00162EPSS
CVE
CVE
added 2020/09/09 10:15 a.m.34 views

CVE-2020-7322

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.

4.7CVSS4.5AI score0.00059EPSS
CVE
CVE
added 2020/09/09 10:15 a.m.28 views

CVE-2020-7320

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.

7.3CVSS6.5AI score0.00058EPSS