mcafee
602 tracked vulnerabilities.
CVE-2021-23890
MEDIUM
McAfee ePolicy Orchestrator < 5.10 Update 10 - Unauthenticated Information Disclosure via Agent Handler
Mar 26, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23889
LOW
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Stored Cross-Site Scripting via Multiple Parameters
Mar 26, 2021
CVSS 3.5
EPSS 0.00
CVE-2021-23888
MEDIUM
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Open Redirect via Unvalidated Client-Side URL
Mar 26, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-3450
HIGH
OpenSSL 1.1.1h-1.1.1j - Certificate Chain Validation Bypass via X509_V_FLAG_X509_STRICT
Mar 25, 2021
CVSS 7.4
EPSS 0.01
CVE-2021-3449
MEDIUM
Openssl < 1.1.1k - NULL Pointer Dereference
Mar 25, 2021
CVSS 5.9
EPSS 0.10
CVE-2021-23879
MEDIUM
McAfee Endpoint Product Removal <21.2 - RCE
Mar 15, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-23885
CRITICAL
McAfee Web Gateway < 8.2.17 - Authenticated Privilege Escalation via Troubleshooting Page
Feb 17, 2021
CVSS 9.0
EPSS 0.01
CVE-2021-23840
HIGH
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Integer Overflow in EVP_CipherUpdate
Feb 16, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23881
MEDIUM
McAfee Endpoint Security < 10.7.0 - Stored Cross-Site Scripting via Policy Event Script Injection
Feb 10, 2021
CVSS 4.8
EPSS 0.00
CVE-2021-23876
HIGH
McAfee Total Protection < 16.0.30 - Privilege Escalation and Arbitrary File Modification via RPC Bypass
Feb 10, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-23874
HIGH
KEV
McAfee Total Protection < 16.0.30 - Arbitrary Process Execution and Privilege Escalation via Self-Defense Bypass
Feb 10, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-23873
HIGH
McAfee Total Protection < 16.0.30 - Privilege Escalation and Arbitrary File Deletion via Junction Link Manipulation
Feb 10, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-23883
MEDIUM
McAfee Endpoint Security < 10.7.0 - Denial of Service via Null Pointer Dereference
Feb 10, 2021
CVSS 4.0
EPSS 0.00
CVE-2021-23882
HIGH
McAfee Endpoint Security < 10.7.0 - Improper Access Control via Crafted File Placement
Feb 10, 2021
CVSS 8.2
EPSS 0.00
CVE-2021-23880
MEDIUM
McAfee Endpoint Security < 10.7.0 - Authenticated Uninstallation of Anti-Malware Engine via Specific Command
Feb 10, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-23878
HIGH
McAfee Endpoint Security < 10.7.0 - Cleartext Storage of Sensitive Information in Process Memory
Feb 10, 2021
CVSS 7.3
EPSS 0.00
CVE-2021-3156
HIGH
KEVNUCLEI
Sudo Heap-Based Buffer Overflow
Jan 26, 2021
CVSS 7.8
EPSS 0.93
CVE-2021-1257
HIGH
Cisco Catalyst Center - Cross-Site Request Forgery
Jan 20, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-1258
MEDIUM
Cisco Anyconnect Secure Mobility Client < 4.9.03047 - Improper Privilege Management
Jan 13, 2021
CVSS 5.5
EPSS 0.00
CVE-2020-13938
MEDIUM
Apache HTTP Server 2.4.0-2.4.46 - Unauthenticated Denial of Service via Local Stop Command
Jun 10, 2021
CVSS 5.5
EPSS 0.00
CVE-2020-7308
MEDIUM
McAfee Endpoint Security < 10.7.0 - Cleartext Transmission of Sensitive Information via DNS
Apr 15, 2021
CVSS 4.8
EPSS 0.00
CVE-2020-7270
MEDIUM
McAfee Advanced Threat Defense < 4.12.2 - Authenticated Exposure of Sensitive Information via HTTP Request Parameter
Apr 15, 2021
CVSS 4.9
EPSS 0.00
CVE-2020-7269
MEDIUM
McAfee Advanced Threat Defense < 4.12.2 - Authenticated Exposure of Sensitive Information via HTTP Request Parameter
Apr 15, 2021
CVSS 4.9
EPSS 0.00
CVE-2020-7346
HIGH
McAfee Data Loss Prevention < 11.6.100 - Privilege Escalation via Junction Manipulation
Mar 23, 2021
CVSS 7.8
EPSS 0.00
CVE-2020-7343
MEDIUM
McAfee Agent < 5.7.1 - Missing Authorization for Update Blocking via Temporary Directory Manipulation
Jan 18, 2021
CVSS 5.5
EPSS 0.00
Products
epolicy_orchestrator 86
web_gateway 41
endpoint_security 37
network_data_loss_prevention 31
virusscan_enterprise 29
advanced_threat_defense 26
data_loss_prevention_endpoint 26
total_protection 26
agent 25
email_gateway 20
network_security_manager 19
gateway 13
data_loss_prevention 12
scan_engine 12
email_and_web_security 10
mcafee_agent 10
virusscan 10
antivirus_engine 9
enterprise_security_manager 9
policy_auditor 9
database_security 8
true_key 8
Network Data Loss Prevention (NDLP) 7
active_response 7
application_control 7
security_scan_plus 7
threat_intelligence_exchange_server 7
application_and_change_control 6
e-business_server 6
enterprise_mobility_manager 6
Quick Filters