Filtered by vendor Mcafee
Total: 603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
CVE-2018-6682 | 1 Mcafee | 1 True Key | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. | |||||
CVE-2018-6681 | 1 Mcafee | 1 Network Security Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | |||||
CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2019-3604 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | |||||
CVE-2018-6689 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | |||||
CVE-2019-3593 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-02-28 | 5.6 MEDIUM | 7.1 HIGH |
Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware. | |||||
CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | |||||
CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | |||||
CVE-2019-1559 | 13 Canonical, Debian, F5 and 10 more | 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | |||||
CVE-2019-3599 | 1 Mcafee | 1 Agent | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | |||||
CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | |||||
CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
CVE-2017-3960 | 1 Mcafee | 1 Network Security Manager | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | |||||
CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
CVE-2017-4028 | 2 Mcafee, Microsoft | 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | |||||
CVE-2018-6659 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | |||||
CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | |||||
CVE-2017-3965 | 1 Mcafee | 1 Network Security Manager | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. |