VYPR

Application Control

by McAfee

CVEs (14)

  • CVE-2016-8010HigMar 14, 2017
    risk 0.51cvss 7.8epss 0.00

    Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.

  • CVE-2016-8009HigMar 14, 2017
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.

  • CVE-2018-6690HigSep 18, 2018
    risk 0.46cvss 7.1epss 0.00

    Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.

  • CVE-2016-1715MedJan 12, 2016
    risk 0.43cvss 6.6epss 0.02

    The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory…

  • CVE-2014-9920MedMar 14, 2017
    risk 0.38cvss 5.9epss 0.01

    Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier…

  • CVE-2013-7461MedMar 14, 2017
    risk 0.36cvss 5.5epss 0.00

    A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.

  • CVE-2013-7460MedMar 14, 2017
    risk 0.36cvss 5.5epss 0.00

    A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via…

  • CVE-2024-11598Dec 11, 2024
    risk 0.00cvss epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.

  • CVE-2020-15594Sep 29, 2020
    risk 0.00cvss epss 0.02

    An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the…

  • CVE-2020-15595Sep 29, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets…

  • CVE-2020-7309Aug 26, 2020
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

  • CVE-2018-6668Dec 31, 2018
    risk 0.00cvss epss 0.00

    A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell.

  • CVE-2018-6669Dec 20, 2018
    risk 0.00cvss epss 0.01

    A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.

  • CVE-2012-4593Aug 22, 2012
    risk 0.00cvss epss 0.01

    McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command.