CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31836 – Improper Privilege Management in MA for Windows
https://notcve.org/view.php?id=CVE-2021-31836
22 Sep 2021 — Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. Una vulnerabilidad de administración de privilegios inapropiada en maconfig para McAfee Agent for Windows versiones anteriores a 5.7.4, permite a un usuario local conseguir acceso a información confidencial. La utilidad fue capaz de ejecutarse desde cua... • https://kc.mcafee.com/corporate/index?page=content&id=SB10369 • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31841 – DLL side loading vulnerability in MA for Windows
https://notcve.org/view.php?id=CVE-2021-31841
22 Sep 2021 — A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. Una vulnerabilidad de carga lateral de DLL en McAfee Agent for Windows versiones anteriores a 5.7.4, podría permitir a un usuario local llevar a ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10369 • CWE-347: Improper Verification of Cryptographic Signature CWE-426: Untrusted Search Path •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31840 – DLL preload vulnerability in McAfee Agent for Windows
https://notcve.org/view.php?id=CVE-2021-31840
10 Jun 2021 — A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code. Una vulnerabilidad en el mecanismo de precarga de determinadas bibliotecas de vínculo... • https://kc.mcafee.com/corporate/index?page=content&id=SB10362 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7315 – DLL Injection vulnerability in MA for Windows
https://notcve.org/view.php?id=CVE-2020-7315
10 Sep 2020 — DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. Una vulnerabilidad de inyección DLL en McAfee Agent (MA) para Windows versiones anteriores a 5.6.6, permite a usuarios locales ejecutar código arbitrario por medio de la colocación cuidadosa de una DLL maliciosa • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-426: Untrusted Search Path •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7314 – Privilege Escalation vulnerability in McAfee DXL for Mac
https://notcve.org/view.php?id=CVE-2020-7314
10 Sep 2020 — Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. Una vulnerabilidad de Escalada de Privilegios en el instalador en McAfee Data Exchange Layer (DXL) Client para Mac incluido con McAfee Agent (MA) para Mac versiones anteriores a MA 5.6.6, permite a usuarios locales ejecutar comandos como root por medio ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7311 – Privilege Escalation vulnerability in MA for Windows
https://notcve.org/view.php?id=CVE-2020-7311
10 Sep 2020 — Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. Una vulnerabilidad de escalamiento de privilegios en el instalador de McAfee Agent (MA) para Windows versiones anteriores a 5.6.6, permite a usuarios locales asumir derechos SYSTEM durante la instalación de MA mediante la manipulación de archivos de registro • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7312 – DLL Search Order Hijacking in MA for Windows
https://notcve.org/view.php?id=CVE-2020-7312
10 Sep 2020 — DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. Una Vulnerabilidad de Secuestro de Órdenes de Búsqueda de DLL en el instalador de McAfee Agent (MA) para Windows versiones anteriores a 5.6.6, permite a usuarios locales ejecutar código arbitrario y escalar privilegios por medio de una ejecución desde una carpeta comprometida • https://kc.mcafee.com/corporate/index?page=content&id=SB10325 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3896
https://notcve.org/view.php?id=CVE-2017-3896
13 Feb 2017 — Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. Vulnerabilidad de parámetro no válido en la capacidad de visualización de inicio de sesión remoto en Intel Security McAfee Agent 5.0.x versiones anteriores a 5.0.4.449 permite a atacantes remotos pasar parámetros de entrada inesperados a través de una URL que no fue co... • http://www.securityfocus.com/bid/95903 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7237
https://notcve.org/view.php?id=CVE-2015-7237
18 Sep 2015 — Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en salto de directorio en la funcionalidad de visualización de registro remoto en McAfee Agent (MA) 5.x en versiones anteriores a 5.0.2, permite a atacantes remotos obtener información sensible a través de vectores no especificados . • http://www.securitytracker.com/id/1033450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2053
https://notcve.org/view.php?id=CVE-2015-2053
23 Feb 2015 — The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. El visor de registros en McAfee Agent (MA) anterior a 4.8.0 Patch 3 y 5.0.0, cuando la opción 'Aceptar conexiones exclusivamente del servidor ePO' está habilitada, permite a atacantes remotos realizar ataques de clickjacking a través de u... • http://www.securityfocus.com/bid/74873 • CWE-20: Improper Input Validation •