Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-7270
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) before 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD ins...
Mcafee Advanced Threat Defense
6.4
CVSSv2
CVE-2020-7308
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows before 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote malicious user to view the requests from ENS and responses from GTI ...
Mcafee Endpoint Security 10.7.0
Mcafee Endpoint Security 10.6.1
Mcafee Endpoint Security
3.5
CVSSv2
CVE-2021-23889
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
5.8
CVSSv2
CVE-2021-23890
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.9
CVSSv2
CVE-2021-23888
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.3
CVSSv2
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Cloud Volumes Ontap Mediator -
Netapp E-series Performance Analyzer -
Tenable Tenable.sc
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Tenable Log Correlation Engine
Fedoraproject Fedora 34
5 Github repositories
1 Article
5.8
CVSSv2
CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve paramet...
Openssl Openssl
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider Firmware -
Netapp Storagegrid Firmware -
Windriver Linux -
Windriver Linux 18.0
Windriver Linux 19.0
Windriver Linux 17.0
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Ontap Select Deploy Administration Utility -
Netapp Cloud Volumes Ontap Mediator -
Fedoraproject Fedora 34
Tenable Nessus Agent
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Oracle Jd Edwards World Security A9.4
Oracle Weblogic Server 12.2.1.4.0
1 Github repository
1 Article
4.6
CVSSv2
CVE-2020-7346
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows before 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of j...
Mcafee Data Loss Prevention
7.2
CVSSv2
CVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool before 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Loc...
Mcafee Endpoint Product Removal Tool
9
CVSSv2
CVE-2021-23885
Privilege escalation vulnerability in McAfee Web Gateway (MWG) before 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
Mcafee Web Gateway
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »