Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-31851
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor before 6.5.2 allows a remote unauthenticated malicious user to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Audito...
Mcafee Policy Auditor
4.3
CVSSv2
CVE-2021-31852
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor before 6.5.2 allows a remote unauthenticated malicious user to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based...
Mcafee Policy Auditor
4.6
CVSSv2
CVE-2021-31853
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) before 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
Mcafee Drive Encryption 7.3.0
Mcafee Drive Encryption
7.5
CVSSv2
CVE-2021-43267
An issue exists in net/tipc/crypto.c in the Linux kernel prior to 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote malicious users to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Linux Linux Kernel
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
2 Github repositories
2 Articles
3.5
CVSSv2
CVE-2021-31848
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension before 11.7.100 allows a remote malicious user to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the cas...
Mcafee Data Loss Prevention Endpoint
6.5
CVSSv2
CVE-2021-31849
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension before 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
Mcafee Data Loss Prevention Endpoint
7.2
CVSSv2
CVE-2021-23877
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) before 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
Mcafee Total Protection
3.5
CVSSv2
CVE-2021-31834
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.3
CVSSv2
CVE-2021-31835
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.6
CVSSv2
CVE-2021-23893
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) before 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.
Mcafee Drive Encryption 7.3.0
Mcafee Drive Encryption
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »