Filtered by vendor Mcafee
Subscribe
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8535 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 4.6 MEDIUM | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. | |||||
| CVE-2014-8522 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 7.5 HIGH | N/A |
| The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2014-1473 | 1 Mcafee | 1 Vulnerability Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." | |||||
| CVE-2013-4884 | 1 Mcafee | 1 Superscan | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report. | |||||
| CVE-2015-3030 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-28 | 4.0 MEDIUM | N/A |
| The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | |||||
| CVE-2014-8525 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 5.0 MEDIUM | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-8518 | 1 Mcafee | 2 Endpoint Encryption For Files And Folders, File And Removable Media Protection | 2024-02-28 | 2.1 LOW | N/A |
| The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack. | |||||
| CVE-2015-2758 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-02-28 | 6.5 MEDIUM | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | |||||
| CVE-2014-2205 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 6.3 MEDIUM | N/A |
| The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-8529 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 2.1 LOW | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-6064 | 1 Mcafee | 1 Web Gateway | 2024-02-28 | 4.0 MEDIUM | N/A |
| The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. | |||||
| CVE-2014-8533 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 7.5 HIGH | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | |||||
| CVE-2015-1616 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-02-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1305 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows Xp | 2024-02-28 | 6.9 MEDIUM | N/A |
| McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | |||||
| CVE-2014-8531 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-28 | 6.5 MEDIUM | N/A |
| The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-2390 | 1 Mcafee | 1 Network Security Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors. | |||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2024-02-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | |||||
| CVE-2014-1472 | 1 Mcafee | 1 Vulnerability Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1617 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0921 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 4.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. | |||||