Latest Mcafee Vulnerabilities

CVE-2023-5445
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0-service_pack_1_update
McAfee ePolicy Orchestrator=5.10.0-service_pack_1_update_1
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
and 14 more
CVE-2023-5444
CSRF in ePO leading to privilege escalation
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0-service_pack_1_update
McAfee ePolicy Orchestrator=5.10.0-service_pack_1_update_1
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
and 14 more
CVE-2023-40352
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
McAfee Safe Connect<2.16.1.126
CVE-2023-3946
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convin...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_11_hotfix_1
and 13 more
CVE-2023-25134
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in t...
Mcafee Total Protection<16.0.50
CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted ...
McAfee Advanced Threat Defense>=4.0<=4.14.2
Trellix Intelligent Sandbox=5.0
Trellix Intelligent Sandbox=5.2
CVE-2023-24579
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
Mcafee Total Protection<16.0.51
CVE-2023-24578
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks.
Mcafee Total Protection<16.0.49
CVE-2023-24577
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauth...
Mcafee Total Protection<16.0.50
CVE-2023-0221
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman...
McAfee Application and Change Control<8.3.4
CVE-2022-43751
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unpri...
Mcafee Total Protection<16.0.49
CVE-2022-2188
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lea...
McAfee Data eXchange Layer<6.0.0.280
Microsoft Windows
CVE-2022-3339
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincin...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 9 more
CVE-2022-3338
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploi...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 9 more
CVE-2022-2330
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the att...
Mcafee Data Loss Prevention Endpoint<11.9.100
Microsoft Windows
Mcafee Data Loss Prevention Endpoint<11.6.600.212
Mcafee Data Loss Prevention Endpoint>=11.9.0<11.9.100
CVE-2022-2313
A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious...
Mcafee Agent<5.7.7
CVE-2022-1824
An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. ...
McAfee Consumer Product Removal Tool<10.4.128
CVE-2022-1254
McAfee Web Gateway>=7.0.0<7.8.2.31
McAfee Web Gateway>=8.0.0<8.2.27
McAfee Web Gateway>=9.0.0<9.2.20
McAfee Web Gateway>=10.0.0<10.2.9
McAfee Web Gateway>=11.0.0<11.1.3
CVE-2022-1257
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sen...
Mcafee Agent<5.7.6
CVE-2022-1258
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the b...
Mcafee Agent<5.7.6
McAfee ePolicy Orchestrator
CVE-2022-1256
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file action...
Mcafee Agent<5.7.6
CVE-2022-0857
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 8 more
CVE-2022-0858
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's sessi...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 8 more
CVE-2022-0859
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 8 more
CVE-2022-0862
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a com...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 8 more
CVE-2022-0861
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension ...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 22 more
CVE-2022-0842
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO databa...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_11
McAfee ePolicy Orchestrator=5.10.0-update_12
and 8 more
CVE-2022-0280
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary fi...
Mcafee Total Protection<16.0.43
Microsoft Windows
Mcafee Total Protection<16.0.43
Microsoft Windows
CVE-2022-0815
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details a...
McAfee WebAdvisor<=8.1.0.1895
CVE-2021-4088
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL...
Mcafee Data Loss Prevention>=11.7.0<11.7.101
Mcafee Data Loss Prevention>=11.8.0<11.8.100
Mcafee Data Loss Prevention=11.6.401
CVE-2021-31854
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed in...
Mcafee Agent<5.7.5
CVE-2022-0166
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installa...
Mcafee Agent<5.7.5
CVE-2022-0129
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system ...
McAfee TechCheck<4.0.0.2
CVE-2021-31833
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification ...
McAfee Application and Change Control<8.3.4
CVE-2021-4038
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via sp...
McAfee Network Security Manager<10.1.7.48
CVE-2021-31850
McAfee Database Security Improper Access Control Denial-of-Service Vulnerability
McAfee Database Security<4.8.4
Microsoft Windows
McAfee Database Security
CVE-2021-31851
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request par...
McAfee Policy Auditor<6.5.2
CVE-2021-31852
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. Th...
McAfee Policy Auditor<6.5.2
CVE-2021-31853
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compr...
McAfee Drive Encryption>=7.2.0<=7.2.10
McAfee Drive Encryption=7.3.0
McAfee Drive Encryption=7.3.0-hotfix1
CVE-2021-31849
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO datab...
Mcafee Data Loss Prevention Endpoint>=11.6.0<11.6.400
Mcafee Data Loss Prevention Endpoint>=11.7.0<11.7.100
CVE-2021-31848
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing...
Mcafee Data Loss Prevention Endpoint>=11.6.0<11.6.400
Mcafee Data Loss Prevention Endpoint>=11.7.0<11.7.100
CVE-2021-23877
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spec...
Mcafee Total Protection<16.0.34
CVE-2021-31835
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the admi...
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_2
and 7 more
CVE-2021-31834
McAfee ePolicy Orchestrator<5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0
McAfee ePolicy Orchestrator=5.10.0-update_1
McAfee ePolicy Orchestrator=5.10.0-update_10
McAfee ePolicy Orchestrator=5.10.0-update_2
and 7 more
CVE-2021-23893
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unu...
McAfee Drive Encryption<7.3.0
McAfee Drive Encryption=7.3.0
CVE-2021-31847
McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability
Mcafee Mcafee Agent<5.7.4
Mcafee Endpoint Security
Mcafee Agent<5.7.4
CVE-2021-31836
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any...
Mcafee Mcafee Agent<5.7.4
CVE-2021-31841
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific loca...
Mcafee Mcafee Agent<5.7.4
CVE-2021-31845
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing car...
Mcafee Data Loss Prevention Discover<11.6.100
Mcafee Data Loss Prevention Discover>=11.7.0<11.7.100
CVE-2021-31842
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulti...
Mcafee Endpoint Security<10.7.0
Mcafee Endpoint Security=10.7.0-april_2020
Mcafee Endpoint Security=10.7.0-april_2021
Mcafee Endpoint Security=10.7.0-february_2020
Mcafee Endpoint Security=10.7.0-february_2021
Mcafee Endpoint Security=10.7.0-july_2020
and 3 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203