Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7266 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7263 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.5 Medium |
| Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | ||||
| CVE-2020-7262 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 5.3 Medium |
| Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. | ||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.1 Medium |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | ||||
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 7.3 High |
| DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | ||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.6 Medium |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | ||||
| CVE-2020-7258 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 4.8 Medium |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | ||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.4 High |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | ||||
| CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 4.8 Medium |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | ||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.9 Low |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | ||||
| CVE-2020-7254 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 7.7 High |
| Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | ||||
| CVE-2020-7253 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.7 Medium |
| Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | ||||
| CVE-2020-7252 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2024-11-21 | 4.2 Medium |
| Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | ||||
| CVE-2020-7251 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 5 Medium |
| Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | ||||
| CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.2 High |
| Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | ||||
| CVE-2020-7249 | 1 Smc | 2 D3g0804, D3g0804 Firmware | 2024-11-21 | 4.8 Medium |
| SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). | ||||
| CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
| libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | ||||
| CVE-2020-7246 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. | ||||