cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-31843,https://securityvulnerability.io/vulnerability/CVE-2021-31843,Improper access control vulnerability in McAfee ENS for Windows,"Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.

","Mcafee,llc",Mcafee Endpoint Security (ens) For Windows,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-09-17T13:40:12.000Z,0
CVE-2021-31842,https://securityvulnerability.io/vulnerability/CVE-2021-31842,XML Entity Expansion Injection Vulnerability in McAfee Endpoint Security for Windows,"An XML Entity Expansion injection vulnerability exists in McAfee Endpoint Security for Windows prior to the 10.7.0 September 2021 Update. This vulnerability allows a local user to manipulate the EPDeploy.xml configuration file, potentially leading to excessive CPU and memory utilization. This results in a Denial of Service condition during the execution of the setup process, which may disrupt service availability and impact user operations.","Mcafee,llc",Mcafee Endpoint Security (ens) For Windows,5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-09-17T13:35:12.000Z,0
CVE-2021-23892,https://securityvulnerability.io/vulnerability/CVE-2021-23892,,"By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.

","Mcafee,llc",Mcafee Endpoint Security (ens) For Linux,8.2,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-05-12T09:05:13.000Z,0
CVE-2020-7308,https://securityvulnerability.io/vulnerability/CVE-2020-7308,Transmission of data in clear text by McAfee ENS,"Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.","Mcafee,llc",Mcafee Endpoint Security (ens) For Windows,4.8,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2021-04-15T07:40:19.000Z,0
CVE-2020-7331,https://securityvulnerability.io/vulnerability/CVE-2020-7331,Unquoted service executable path in McAfee Endpoint Security (ENS),Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.,"Mcafee, Llc",Mcafee Endpoint Security (ens),7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-11-12T10:15:00.000Z,0
CVE-2020-7264,https://securityvulnerability.io/vulnerability/CVE-2020-7264,Privilege Escalation vulnerability through symbolic links in ENS for Windows,Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,"Mcafee,llc",Mcafee Endpoint Security (ens) For Windows,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-05-08T12:15:00.000Z,0
CVE-2020-7265,https://securityvulnerability.io/vulnerability/CVE-2020-7265,Privilege Escalation vulnerability through symbolic links in ENSM,Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,"Mcafee,llc",Mcafee Endpoint Security (ens) For Mac,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-05-08T12:15:00.000Z,0
CVE-2020-7250,https://securityvulnerability.io/vulnerability/CVE-2020-7250,ENS symbolic link log file manipulation vulnerability,Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.,Mcafee Llc,Mcafee Endpoint Security (ens),8.2,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-15T13:15:00.000Z,0
CVE-2020-7255,https://securityvulnerability.io/vulnerability/CVE-2020-7255,Privilege Escalation vulnerability  in ENS,Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.,Mcafee Llc,Mcafee Endpoint Security (ens),3.9,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-15T13:15:00.000Z,0
CVE-2020-7276,https://securityvulnerability.io/vulnerability/CVE-2020-7276,Unrestricted Policy Management using MfeUpgradeTool.exe,Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.,Mcafee Llc,Mcafee Endpoint Security (ens),6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-15T12:15:00.000Z,0
CVE-2020-7259,https://securityvulnerability.io/vulnerability/CVE-2020-7259,Unsigned executable vulnerability in ENS can be used to bypass intended self-protection rules,Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file,Mcafee Llc,Mcafee Endpoint Security (ens),6.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-15T12:15:00.000Z,0
CVE-2020-7273,https://securityvulnerability.io/vulnerability/CVE-2020-7273,Autorun registry bypass,Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.,Mcafee Llc,Mcafee Endpoint Security (ens),6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-15T12:15:00.000Z,0
CVE-2020-7275,https://securityvulnerability.io/vulnerability/CVE-2020-7275,Unquoted service paths for some McAfee ENS files,"Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.",Mcafee Llc,Mcafee Endpoint Security (ens),4.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-15T12:15:00.000Z,0
CVE-2020-7274,https://securityvulnerability.io/vulnerability/CVE-2020-7274,ENS elevated permissions vulnerability,Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).,Mcafee Llc,Mcafee Endpoint Security (ens),6.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-15T12:15:00.000Z,0
CVE-2020-7278,https://securityvulnerability.io/vulnerability/CVE-2020-7278,McAfee firewall rules not enforced correctly,Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.,Mcafee Llc,Mcafee Endpoint Security (ens),7.4,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-04-15T10:15:00.000Z,0
CVE-2020-7261,https://securityvulnerability.io/vulnerability/CVE-2020-7261,Buffer overwrite in ENS allowed to bypass AMSI protection,Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.,Mcafee Llc,Mcafee Endpoint Security (ens),6.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-14T00:00:00.000Z,0
CVE-2020-7277,https://securityvulnerability.io/vulnerability/CVE-2020-7277,McAfee processes not protected,"Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.",Mcafee Llc,Mcafee Endpoint Security (ens),6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-14T00:00:00.000Z,0
CVE-2020-7257,https://securityvulnerability.io/vulnerability/CVE-2020-7257,Privilege Escalation vulnerability through Symbolic links in ENS,Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.,Mcafee Llc,Mcafee Endpoint Security (ens),8.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-14T00:00:00.000Z,0
CVE-2020-7251,https://securityvulnerability.io/vulnerability/CVE-2020-7251,ESConfig Tool able to edit configuration for newer version,Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.,"Mcafee, Llc",Mcafee Endpoint Security (ens),5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-02-14T14:50:14.000Z,0
CVE-2019-3653,https://securityvulnerability.io/vulnerability/CVE-2019-3653,ESConfig Tool access not controlled,Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.,"Mcafee, Llc",Mcafee Endpoint Security (ens),4.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-10-09T14:21:45.000Z,0
CVE-2019-3652,https://securityvulnerability.io/vulnerability/CVE-2019-3652,ENS code injection in EPSetup.exe,Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.,"Mcafee, Llc",Mcafee Endpoint Security (ens),5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-10-09T14:21:13.000Z,0
CVE-2019-3586,https://securityvulnerability.io/vulnerability/CVE-2019-3586,McAfee Endpoint Security firewall not always acting on GTI lookup results,Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.,"Mcafee, Llc",Mcafee Endpoint Security (ens),7.5,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2019-05-15T15:48:10.000Z,0
CVE-2019-3582,https://securityvulnerability.io/vulnerability/CVE-2019-3582,McAfee Endpoint Security updates fix a privilege escalation vulnerability,Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.,"Mcafee, Llc",Mcafee Endpoint Security (ens),8.6,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-02-28T16:00:00.000Z,0
CVE-2017-4028,https://securityvulnerability.io/vulnerability/CVE-2017-4028,SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability,Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.,Mcafee,"Mcafee Anti-virus Plus (avp),Mcafee Endpoint Security (ens),Mcafee Host Intrusion Prevention (host Ips),Mcafee Internet Security (mis),Mcafee Total Protection (mtp),Mcafee Virus Scan Enterprise (vse)",5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-04-03T22:29:00.000Z,0