Skip to main content

Endpoint Security

87 CVEs product

Monthly

CVE-2026-56152 MEDIUM This Month

Incorrect Authorization (CWE-863) in Elastic Defend exposes response action data to low-privileged authenticated users who should not have access to it. The flaw, classified under CAPEC-1, arises because access controls on specific functionality are not properly enforced, allowing a user with minimal privileges to read security response action data belonging to other users or roles. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog, but the High confidentiality impact (CVSS C:H) means sensitive endpoint response data - such as isolation actions, process kills, or file retrieval outputs - could be disclosed.

Authentication Bypass Elastic Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-14963 HIGH This Week

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. [CVSS 7.8 HIGH]

Windows Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5317 MEDIUM This Month

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2023-46669 MEDIUM PATCH This Month

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Elastic Elastic Agent Endpoint Security
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-3779 MEDIUM This Month

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Denial Of Service Internet Security Nod32 +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2224 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2223 CRITICAL Act Now

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.0.5.200089 Bitdefender. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0353 HIGH POC This Week

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eset Endpoint Antivirus Endpoint Security File Security +6
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-0316 HIGH This Week

Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-5594 HIGH This Week

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Antivirus Endpoint Security File Security Internet Security +5
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-28134 HIGH This Week

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkpoint Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3665 HIGH This Week

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3160 HIGH This Week

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Endpoint Antivirus Endpoint Security Internet Security +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28133 HIGH This Week

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Checkpoint Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
5.7%
CVE-2023-35800 MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-35799 MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23562 MEDIUM This Month

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-23561 MEDIUM This Month

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-4326 MEDIUM This Month

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-23744 LOW Monitor

Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Information Disclosure Endpoint Security Harmony Endpoint
NVD
CVSS 3.1
2.3
EPSS
4.3%
CVE-2022-23714 HIGH This Week

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Elastic Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23742 HIGH This Week

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Checkpoint Endpoint Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27167 HIGH This Week

Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Microsoft Eset Endpoint Antivirus +8
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-27534 CRITICAL Act Now

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Anti Virus Endpoint Security Internet Security Security Cloud +2
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-45091 MEDIUM This Month

Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-45090 CRITICAL Act Now

Stormshield Endpoint Security before 2.1.2 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Endpoint Security
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-45089 MEDIUM This Month

Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2021-37850 MEDIUM This Month

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Eset Cyber Security Endpoint Antivirus +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-35053 HIGH This Week

Possible system denial of service in case of arbitrary changing Firefox browser parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-31843 HIGH This Week

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-31842 MEDIUM This Month

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-35957 MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-31224 LOW Monitor

SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2021-31223 MEDIUM This Month

SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-31222 MEDIUM This Month

SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-31221 MEDIUM This Month

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-31220 MEDIUM This Month

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2021-31225 HIGH This Week

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-23881 MEDIUM This Month

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-23883 MEDIUM This Month

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23882 MEDIUM This Month

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23880 MEDIUM This Month

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23878 MEDIUM This Month

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-6021 HIGH This Week

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7333 MEDIUM This Month

Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-7332 HIGH This Week

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-7331 HIGH This Week

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-6015 MEDIUM This Month

Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Denial Of Service Microsoft Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-6014 MEDIUM This Month

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft RCE Endpoint Security
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-7323 MEDIUM This Month

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-7322 MEDIUM This Month

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly. Rated medium severity (CVSS 4.7). No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-7320 HIGH This Week

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-7319 HIGH This Week

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-8097 HIGH This Week

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security Endpoint Security Tools
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8108 HIGH This Week

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-7265 HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7264 HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-11446 HIGH This Week

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Eset Privilege Escalation Antivirus And Antispyware Endpoint Antivirus Endpoint Security +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7255 MEDIUM This Month

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-7250 HIGH This Week

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7277 MEDIUM This Month

Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-7276 MEDIUM This Month

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-7275 MEDIUM This Month

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-7274 HIGH This Week

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7273 MEDIUM This Month

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-7261 MEDIUM This Month

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-7259 HIGH This Week

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7257 MEDIUM This Month

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-7278 MEDIUM This Month

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-7263 MEDIUM This Month

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-7251 MEDIUM This Month

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-16519 HIGH This Week

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Apple Cyber Security Endpoint Antivirus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-3653 MEDIUM This Month

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-3652 MEDIUM This Month

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Endpoint Security
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2019-8461 HIGH POC PATCH This Week

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Checkpoint Capsule Docs Standalone Client Endpoint Security +1
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-3586 HIGH This Week

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-8454 HIGH This Week

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server,. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Checkpoint Endpoint Security
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-8452 HIGH POC This Week

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Checkpoint Endpoint Security Zonealarm
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-3582 HIGH This Week

Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6316 HIGH This Week

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ivanti Endpoint Security
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2016-8010 HIGH This Week

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Application Control Endpoint Security
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9892 MEDIUM POC This Month

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Eset Apple RCE Endpoint Antivirus Endpoint Security
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-3984 MEDIUM POC This Month

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Active Response Agent Data Exchange Layer +4
NVD Exploit-DB
CVSS 3.0
5.1
EPSS
0.3%
CVE-2014-4973 MEDIUM POC This Month

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Eset Information Disclosure Smart Security Endpoint Security
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5636 LOW PATCH Monitor

Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate. Rated low severity (CVSS 3.3).

Authentication Bypass Endpoint Security
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-5635 LOW PATCH Monitor

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to. Rated low severity (CVSS 3.3).

Authentication Bypass Endpoint Security
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2012-2753 MEDIUM PATCH This Month

Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint. Rated medium severity (CVSS 6.9).

Information Disclosure Endpoint Connect Endpoint Security Endpoint Security Vpn Remote Access Clients
NVD
CVSS 2.0
6.9
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM This Month

Incorrect Authorization (CWE-863) in Elastic Defend exposes response action data to low-privileged authenticated users who should not have access to it. The flaw, classified under CAPEC-1, arises because access controls on specific functionality are not properly enforced, allowing a user with minimal privileges to read security response action data belonging to other users or roles. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog, but the High confidentiality impact (CVSS C:H) means sensitive endpoint response data - such as isolation actions, process kills, or file retrieval outputs - could be disclosed.

Authentication Bypass Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. [CVSS 7.8 HIGH]

Windows Endpoint Security
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Elastic Elastic Agent +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Denial Of Service +8
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Microsoft +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.0.5.200089 Bitdefender. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Endpoint Security +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eset Endpoint Antivirus +8
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Antivirus Endpoint Security +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkpoint Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Endpoint Antivirus +7
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Checkpoint +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
EPSS 4% CVSS 2.3
LOW Monitor

Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Information Disclosure Endpoint Security +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Elastic +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Checkpoint +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Microsoft +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Anti Virus Endpoint Security +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Stormshield Endpoint Security before 2.1.2 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Endpoint Security
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Eset +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Possible system denial of service in case of arbitrary changing Firefox browser parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Endpoint Security
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 3.5
LOW Monitor

SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 7.3
HIGH This Week

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft RCE +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly. Rated medium severity (CVSS 4.7). No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Eset Privilege Escalation Antivirus And Antispyware +7
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Apple +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Endpoint Security
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Checkpoint +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Endpoint Security
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server,. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Checkpoint +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Checkpoint +2
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ivanti Endpoint Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Application Control +1
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Eset Apple RCE +2
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Active Response +6
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Eset Information Disclosure Smart Security +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate. Rated low severity (CVSS 3.3).

Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to. Rated low severity (CVSS 3.3).

Authentication Bypass Endpoint Security
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint. Rated medium severity (CVSS 6.9).

Information Disclosure Endpoint Connect Endpoint Security +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy