Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2021-23886
Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows before 11.6.100 allows a local, low privileged, malicious user to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlpho...
Mcafee Data Loss Prevention Endpoint
7.8
CVSSv3
CVE-2021-23887
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows before 11.6.100 allows a local, low privileged, malicious user to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying th...
Mcafee Data Loss Prevention Endpoint
6.3
CVSSv3
CVE-2021-23888
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.8
CVSSv3
CVE-2021-23889
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
6.5
CVSSv3
CVE-2021-23890
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
7.4
CVSSv3
CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve paramet...
Openssl Openssl
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider Firmware -
Netapp Storagegrid Firmware -
Windriver Linux -
Windriver Linux 18.0
Windriver Linux 19.0
Windriver Linux 17.0
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Ontap Select Deploy Administration Utility -
Netapp Cloud Volumes Ontap Mediator -
Fedoraproject Fedora 34
Tenable Nessus Agent
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Oracle Jd Edwards World Security A9.4
Oracle Weblogic Server 12.2.1.4.0
1 Github repository
1 Article
5.9
CVSSv3
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Cloud Volumes Ontap Mediator -
Netapp E-series Performance Analyzer -
Tenable Tenable.sc
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Tenable Log Correlation Engine
Fedoraproject Fedora 34
5 Github repositories
1 Article
7.8
CVSSv3
CVE-2020-7346
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows before 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of j...
Mcafee Data Loss Prevention
6.7
CVSSv3
CVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool before 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Loc...
Mcafee Endpoint Product Removal Tool
8.8
CVSSv3
CVE-2021-23885
Privilege escalation vulnerability in McAfee Web Gateway (MWG) before 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
Mcafee Web Gateway
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »