Lucene search
K

15 matches found

CVE
CVE
added 2020/11/12 9:40 a.m.97 views

CVE-2020-7331

CVE-2020-7331 describes an issue in McAfee Endpoint Security (ENS) for Windows, where an unquoted service executable path in ENS prior to the 10.7.0 November 2020 Update allows a local user to cause a denial of service and execute malicious files by placing a crafted executable. Public sources (N...

7.8CVSS7.5AI score0.00399EPSS
CVE
CVE
added 2021/02/10 9:10 a.m.77 views

CVE-2021-23878

CVE-2021-23878 affects McAfee Endpoint Security for Windows prior to 10.7.0 (Feb 2021 Update). The issue is clear-text storage of sensitive information in memory, enabling a local user to view ENS settings and credentials by reading process memory shortly after an administrator applies a configur...

7.3CVSS5.9AI score0.00616EPSS
CVE
CVE
added 2021/09/17 1:40 p.m.77 views

CVE-2021-31843

CVE-2021-31843 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Sept 2021 Update. The vulnerability is due to improper privileges management that allows a local user to access files they normally cannot by manipulating junction links to redirect McAfee folder operations to an un...

7.8CVSS7.6AI score0.00309EPSS
CVE
CVE
added 2021/02/10 10:30 a.m.72 views

CVE-2021-23881

CVE-2021-23881 is a stored XSS vulnerability in the ePO extension of McAfee Endpoint Security (ENS) for Windows, present before the 10.7.0 February 2021 Update. The issue allows an ENS ePO administrator to inject a script into a policy event that will run through a browser block page when a local...

4.8CVSS5.2AI score0.00637EPSS
CVE
CVE
added 2020/02/14 2:50 p.m.66 views

CVE-2020-7251

The CVE-2020-7251 issue affects McAfee Endpoint Security (ENS) for Windows specifically its Configuration Tool. The root cause is improper access control in the Configuration Tool prior to ENS 10.6.1 (February 2020 Update), enabling local users to disable security features via unauthorized use of...

5.5CVSS5.2AI score0.00215EPSS
CVE
CVE
added 2021/02/10 9:20 a.m.62 views

CVE-2021-23882

CVE-2021-23882 affects McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 February 2021 Update. The issue is an Improper Access Control vulnerability that lets local administrators prevent installation of some ENS files by placing crafted files in the install location. It is described...

8.2CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2021/02/10 9:15 a.m.61 views

CVE-2021-23880

CVE-2021-23880 affects McAfee Endpoint Security (ENS) for Windows pre-10.7.0 February 2021 Update. An attribute in ENS allows an authenticated local administrator to uninstall the anti‑malware engine by executing a specific command with correct parameters (improper access control). Public sources...

6.7CVSS5.1AI score0.00291EPSS
CVE
CVE
added 2021/02/10 9:25 a.m.58 views

CVE-2021-23883

This entry describes CVE-2021-23883: a Null Pointer Dereference in McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 February 2021 Update. The flaw allows a local administrator to crash Windows by invoking a specific system call that is not handled correctly, with impact described as...

4.9CVSS4.7AI score0.00272EPSS
CVE
CVE
added 2021/09/17 1:35 p.m.57 views

CVE-2021-31842

The CVE-2021-31842 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 (Sept 2021 Update). The root cause is an XML Entity Expansion injection in EPDeploy.xml processing, enabling a local user to trigger high CPU and memory usage and cause a Denial of Service. Documents consi...

5.5CVSS5.5AI score0.00227EPSS
CVE
CVE
added 2020/11/12 9:50 a.m.55 views

CVE-2020-7333

CVE-2020-7333 is a cross-site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) for Windows, present in versions prior to 10.7.0 (November 2020 Update). The vulnerability allows an attacker with admin access to inject arbitrary web script or HTML via the conf...

4.8CVSS5.3AI score0.00511EPSS
CVE
CVE
added 2020/09/09 9:35 a.m.54 views

CVE-2020-7323

McAfee Endpoint Security (ENS) for Windows is affected up to version 10.7.0. The issue is an Authentication Protection Bypass where a local, physically present attacker can bypass the Windows lock screen by triggering certain ENS detection events while McTray.exe is running with elevated privileg...

6.9CVSS6.4AI score0.00329EPSS
CVE
CVE
added 2020/09/09 9:15 a.m.52 views

CVE-2020-7319

CVE-2020-7319 affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. The root issue is improper access control allowing local users to access files they should not reach by manipulating symbolic links that redirect McAfee file operations to unintended files. Impact indicators from th...

8.8CVSS8.4AI score0.0039EPSS
CVE
CVE
added 2020/11/12 9:45 a.m.51 views

CVE-2020-7332

CVE-2020-7332 is a CSRF in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update. The root cause is an incorrect security configuration that allows an attacker to execute arbitrary HTML code. Affected product: McAfee ENS with the firewall ePO extension ...

8.8CVSS8.2AI score0.00581EPSS
CVE
CVE
added 2020/09/09 9:30 a.m.48 views

CVE-2020-7322

CVE-2020-7322 affects McAfee Endpoint Security (ENS) for Windows prior to version 10.7.0. The issue is an information-disclosure in which sensitive data could be exposed via incorrect logging of sensitive information in debug logs. Affected product: ENS for Windows; root cause: improper logging. ...

4.7CVSS4.5AI score0.00246EPSS
CVE
CVE
added 2020/09/09 9:15 a.m.40 views

CVE-2020-7320

The CVE-2020-7320 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. It is described as a Protection Mechanism Failure that lets a local administrator temporarily degrade detection by stopping certain Microsoft services, enabling malware that would otherwise be detected to ...

7.3CVSS6.5AI score0.00258EPSS