Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

McAfee, LLC — Vulnerabilities & Security Advisories 59

Browse all 59 CVE security advisories affecting McAfee, LLC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

McAfee, LLC operates primarily as a cybersecurity firm providing endpoint protection, data loss prevention, and threat intelligence services to enterprise and consumer markets. Its software portfolio, including antivirus and firewall solutions, has historically been susceptible to a range of critical vulnerabilities, with Remote Code Execution (RCE) and Cross-Site Scripting (XSS) representing the most prevalent classes among its 59 recorded Common Vulnerabilities and Exposures. These flaws often stemmed from improper input validation or insufficient access controls within its management consoles and agent components. Notable incidents include past exploits allowing attackers to bypass security policies or execute arbitrary code on compromised systems, highlighting risks associated with its privileged access management tools. While the company maintains rigorous patching protocols, the volume of disclosed CVEs underscores the complexity of securing its extensive suite of interconnected security products against evolving attack vectors.

Top products by McAfee, LLC: McAfee Endpoint Security (ENS) McAfee Enterprise Security Manager (ESM) McAfee Agent (MA) McAfee Web Gateway (MWG) Data Loss Prevention (DLPe) for Windows McAfee VirusScan Enterprise (VSE) VirusScan Enterprise (VSE) McAfee Web Advisor (WA) McAfee Advanced Threat Defense (ATD) MVISION Endpoint ePO extension Endpoint Security for Windows McAfee Agent McAfee Host Intrusion Prevention System (Host IPS) for Windows Endpoint Security (ENS) for Window Mcafee Application and Change Control (MACC) McAfee Application and Change Control Data Exchange Layer (DXL) Broker Web Advisor (WA) McAfee TechCheck Endpoint Product Removal Tool McAfee Total Protection - Free Antivirus Trial McAfee FRP McAfee ePolicy Orchestrator (ePO) Total Protection (ToPS) for Mac OS Data eXchange Layer (DXL) Platform True Key (TK) ePolicy Orchestrator Cloud McAfee Network Security Manager (NSM) DLP Endpoint ePO extension Total Protection (MTP)
CVE IDTitleCVSSSeverityPublished
CVE-2021-23879 Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and ... — Endpoint Product Removal ToolCWE-428 6.7 Medium2021-03-15
CVE-2020-7343 Improper Authorization vulnerability in MA — McAfee AgentCWE-862 5.5 Medium2021-01-18
CVE-2020-7337 Incorrect Permission Assignment for Critical Resource — VirusScan Enterprise (VSE)CWE-732 6.5 Medium2020-12-09
CVE-2020-7333 Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS) — Endpoint Security for WindowsCWE-79 4.8 Medium2020-11-12
CVE-2020-7332 Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS) — Endpoint Security for WindowsCWE-352 7.0 High2020-11-12
CVE-2020-7331 Unquoted service executable path in McAfee Endpoint Security (ENS) — McAfee Endpoint Security (ENS)CWE-428 7.8 High2020-11-12
CVE-2020-7329 Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension — MVISION Endpoint ePO extensionCWE-918 7.2 High2020-11-11
CVE-2020-7328 Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension — MVISION Endpoint ePO extensionCWE-918 7.2 High2020-11-11
CVE-2020-7309 Cross Site Scripting vulnerability in ePO extension of MACC — McAfee Application and Change ControlCWE-79 3.9 Low2020-08-26
CVE-2020-7262 Improper Access Control vulnerability in ATD — McAfee Advanced Threat Defense (ATD)CWE-200 5.3 Medium2020-06-22
CVE-2020-7280 Symbolic Link vulnerability during DAT update — McAfee VirusScan Enterprise (VSE)CWE-269 7.8 High2020-06-10
CVE-2019-3588 Using VSE to bypass Windows Credentials on Lock screen — McAfee VirusScan Enterprise (VSE)CWE-269 6.3 Medium2020-06-10
CVE-2019-3585 VSE Escalation of Privileges through Alert pop-up window — McAfee VirusScan Enterprise (VSE)CWE-269 7.0 High2020-06-10
CVE-2020-7279 DLL search order hijacking in Host IPS — McAfee Host Intrusion Prevention System (Host IPS) for WindowsCWE-426 4.6 Medium2020-06-10
CVE-2019-3613 DLL search order hijacking in MA — McAfee Agent (MA)CWE-427 5.9 Medium2020-06-10
CVE-2019-3617 Privilege escalation in ToPS for Mac — Total Protection (ToPS) for Mac OS 7.5 High2020-06-10
CVE-2020-7263 ENS configuration can be edited by attacker with local administrator permissions — Endpoint Security (ENS) for WindowCWE-264 6.5 Medium2020-04-01
CVE-2020-7260 MACC installer DLL side loading — Mcafee Application and Change Control (MACC)CWE-264 7.3 High2020-03-26
CVE-2020-7254 Privilege escalation in Advanced Threat Defense — McAfee Advanced Threat Defense (ATD)CWE-264 7.7 High2020-03-12
CVE-2020-7253 Improper access control vulnerability in McAfee Agent — McAfee Agent (MA)CWE-284 5.7 Medium2020-03-12
CVE-2019-3670 Remote Code Execution vulnerability — Web Advisor (WA) 8.0 High2020-02-24
CVE-2020-7252 Unquoted service executable path — Data Exchange Layer (DXL) BrokerCWE-250 4.2 Medium2020-02-17
CVE-2020-7251 ESConfig Tool able to edit configuration for newer version — Mcafee Endpoint Security (ENS)CWE-358 5.0 Medium2020-02-14
CVE-2019-3667 DLL Search Order Hijacking — McAfee TechCheck 6.6 Medium2019-12-11
CVE-2019-3665 Code Injection vulnerability — McAfee Web Advisor (WA) 6.5 Medium2019-12-03
CVE-2019-3666 API Abuse Vulnerability — McAfee Web Advisor (WA) 6.5 Medium2019-12-03
CVE-2019-3653 ESConfig Tool access not controlled — McAfee Endpoint Security (ENS)CWE-284 4.6 Medium2019-10-09
CVE-2019-3652 ENS code injection in EPSetup.exe — McAfee Endpoint Security (ENS)CWE-94 5.0 Medium2019-10-09
CVE-2019-3646 McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability — McAfee Total Protection - Free Antivirus TrialCWE-714 6.9 Medium2019-09-13
CVE-2019-3644 MWG scanners updated to address CVE-2019-9517 — McAfee Web Gateway (MWG) 7.5 High2019-09-11

This page lists every published CVE security advisory associated with McAfee, LLC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.