Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2021-31844

    A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the loca... Read more

    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31843

    Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfe... Read more

    Affected Products : endpoint_security
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31842

    XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully edit... Read more

    Affected Products : endpoint_security
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-31841

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated pe... Read more

    Affected Products : agent mcafee_agent
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2021-31840

    A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, th... Read more

    Affected Products : agent mcafee_agent
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-31839

    Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior t... Read more

    Affected Products : agent
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-31838

    A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. ... Read more

    Affected Products : mvision_edr
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-31837

    Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially tr... Read more

    Affected Products : getsusp
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-31836

    Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged us... Read more

    Affected Products : agent mcafee_agent
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-31835

    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.... Read more

    Affected Products : epolicy_orchestrator
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31834

    Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.... Read more

    Affected Products : epolicy_orchestrator
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31833

    Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run app... Read more

    Affected Products : application_and_change_control
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.2

    MEDIUM
    CVE-2021-31832

    Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This ... Read more

    Affected Products : data_loss_prevention
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-31831

    Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console... Read more

    Affected Products : database_security
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-31830

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored.... Read more

    Affected Products : database_security
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31829

    kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against specu... Read more

    Affected Products : linux_kernel fedora debian_linux
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2021-31828

    An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.... Read more

    Affected Products : open_distro
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-31827

    In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database e... Read more

    Affected Products : moveit_transfer
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-31826

    Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.... Read more

    Affected Products : service_provider shibboleth-sp
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-31822

    When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.... Read more

    Affected Products : linux_kernel tentacle
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293186 Results