Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.
mcafee
CVE-2020-7310
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.
CVE-2020-7253
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
CVE-2020-7254
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.
CVE-2020-7260
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.
CVE-2020-7262
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.