Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-31851

    A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified i... Read more

    Affected Products : policy_auditor
    • EPSS Score: %0.78
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-31850

    A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly all... Read more

    Affected Products : database_security windows
    • EPSS Score: %0.28
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-31849

    SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO ... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.40
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-31848

    Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully cr... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.31
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31847

    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to ex... Read more

    Affected Products : agent
    • EPSS Score: %0.03
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2021-31845

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine ... Read more

    Affected Products : data_loss_prevention_discover
    • EPSS Score: %0.80
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31844

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the loca... Read more

    • EPSS Score: %0.06
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31843

    Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfe... Read more

    Affected Products : endpoint_security
    • EPSS Score: %0.10
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31842

    XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully edit... Read more

    Affected Products : endpoint_security
    • EPSS Score: %0.05
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31841

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated pe... Read more

    Affected Products : agent mcafee_agent
    • EPSS Score: %0.02
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-31840

    A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, th... Read more

    Affected Products : agent mcafee_agent
    • EPSS Score: %0.04
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-31839

    Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior t... Read more

    Affected Products : agent
    • EPSS Score: %0.04
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-31838

    A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. ... Read more

    Affected Products : mvision_edr
    • EPSS Score: %0.70
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-31837

    Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially tr... Read more

    Affected Products : getsusp
    • EPSS Score: %0.06
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-31836

    Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged us... Read more

    Affected Products : agent mcafee_agent
    • EPSS Score: %0.05
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-31835

    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.... Read more

    Affected Products : epolicy_orchestrator
    • EPSS Score: %0.25
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31834

    Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.... Read more

    Affected Products : epolicy_orchestrator
    • EPSS Score: %0.21
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31833

    Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run app... Read more

    Affected Products : application_and_change_control
    • EPSS Score: %0.05
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.2

    MEDIUM
    CVE-2021-31832

    Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This ... Read more

    Affected Products : data_loss_prevention
    • EPSS Score: %0.40
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31831

    Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console... Read more

    Affected Products : database_security
    • EPSS Score: %0.32
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results