Filtered by vendor Mcafee
Subscribe
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3902 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. | |||||
CVE-2016-8016 | 1 Mcafee | 1 Virusscan Enterprise | 2024-02-28 | 3.5 LOW | 3.4 LOW |
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | |||||
CVE-2017-4014 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request. | |||||
CVE-2013-7460 | 1 Mcafee | 2 Application Control, Change Control | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions. | |||||
CVE-2017-4015 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 3.5 LOW | 4.5 MEDIUM |
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | |||||
CVE-2015-8988 | 1 Mcafee | 1 Epo Deep Command | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. | |||||
CVE-2017-4017 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | |||||
CVE-2016-8012 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | |||||
CVE-2013-7462 | 1 Mcafee | 1 Saas Control Console Platform | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit. | |||||
CVE-2016-8008 | 2 Mcafee, Microsoft | 3 Security Scan Plus, Windows 10, Windows 7 | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. | |||||
CVE-2017-3899 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
CVE-2017-3980 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | |||||
CVE-2015-8990 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | |||||
CVE-2016-8005 | 1 Mcafee | 1 Email Gateway | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. | |||||
CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | |||||
CVE-2017-4016 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | |||||
CVE-2014-9920 | 1 Mcafee | 1 Application Control | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. | |||||
CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2024-02-28 | 6.0 MEDIUM | 6.2 MEDIUM |
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
CVE-2016-1833 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2024-02-28 | 8.5 HIGH | 9.1 CRITICAL |
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. |