Agent
by McAfee
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6706 | 0.00 | — | 0.01 | Dec 12, 2018 | Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors. | |||
| CVE-2018-6705 | 0.00 | — | 0.00 | Dec 12, 2018 | Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. | |||
| CVE-2018-6704 | 0.00 | — | 0.00 | Dec 12, 2018 | Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. | |||
| CVE-2018-6703 | 0.00 | — | 0.03 | Dec 11, 2018 | Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging… | |||
| CVE-2015-7237 | 0.00 | — | 0.03 | Sep 18, 2015 | Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2053 | 0.00 | — | 0.01 | Feb 23, 2015 | The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. | |||
| CVE-2013-3627 | 0.00 | — | 0.02 | Oct 5, 2013 | FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request. | |||
| CVE-2009-5115 | 0.00 | — | 0.01 | Aug 22, 2012 | McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. |
- CVE-2018-6706Dec 12, 2018risk 0.00cvss —epss 0.01
Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.
- CVE-2018-6705Dec 12, 2018risk 0.00cvss —epss 0.00
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
- CVE-2018-6704Dec 12, 2018risk 0.00cvss —epss 0.00
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
- CVE-2018-6703Dec 11, 2018risk 0.00cvss —epss 0.03
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging…
- CVE-2015-7237Sep 18, 2015risk 0.00cvss —epss 0.03
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2015-2053Feb 23, 2015risk 0.00cvss —epss 0.01
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.
- CVE-2013-3627Oct 5, 2013risk 0.00cvss —epss 0.02
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.
- CVE-2009-5115Aug 22, 2012risk 0.00cvss —epss 0.01
McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object.
Page 2 of 2