Virusscan Enterprise
by McAfee
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8024 | Hig | 0.56 | 8.1 | 0.09 | Mar 14, 2017 | Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. | ||
| CVE-2016-8023 | Hig | 0.56 | 8.1 | 0.09 | Mar 14, 2017 | Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. | ||
| CVE-2016-8020 | Hig | 0.56 | 8.0 | 0.11 | Mar 14, 2017 | Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | ||
| CVE-2016-8022 | Hig | 0.53 | 7.5 | 0.13 | Mar 14, 2017 | Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | ||
| CVE-2018-6674 | Med | 0.44 | 6.8 | 0.00 | May 25, 2018 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges… | ||
| CVE-2016-8025 | Med | 0.44 | 6.2 | 0.07 | Mar 14, 2017 | SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||
| CVE-2016-8019 | Med | 0.43 | 6.1 | 0.04 | Mar 14, 2017 | Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. | ||
| CVE-2016-8021 | Med | 0.36 | 5.0 | 0.03 | Mar 14, 2017 | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. | ||
| CVE-2016-3984 | Med | 0.36 | 5.1 | 0.01 | Apr 8, 2016 | The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1… | ||
| CVE-2017-4028 | Med | 0.33 | 5.0 | 0.01 | Apr 3, 2018 | Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | ||
| CVE-2016-8018 | Med | 0.31 | 4.3 | 0.02 | Mar 14, 2017 | Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. | ||
| CVE-2016-8017 | Med | 0.30 | 4.1 | 0.07 | Mar 14, 2017 | Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. | ||
| CVE-2016-8030 | Med | 0.28 | 4.3 | 0.01 | Apr 25, 2017 | A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. | ||
| CVE-2016-8016 | Low | 0.25 | 3.4 | 0.05 | Mar 14, 2017 | Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | ||
| CVE-2016-4534 | Low | 0.23 | 3.0 | 0.02 | May 5, 2016 | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. | ||
| CVE-2005-4505 | 0.03 | — | 0.01 | Dec 23, 2005 | Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE… | |||
| CVE-2020-7337 | 0.00 | — | 0.00 | Dec 9, 2020 | Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via… | |||
| CVE-2020-7280 | 0.00 | — | 0.00 | Jun 10, 2020 | Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic… | |||
| CVE-2019-3588 | 0.00 | — | 0.00 | Jun 10, 2020 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. | |||
| CVE-2019-3585 | 0.00 | — | 0.00 | Jun 10, 2020 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with… |
- risk 0.56cvss 8.1epss 0.09
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
- risk 0.56cvss 8.1epss 0.09
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
- risk 0.56cvss 8.0epss 0.11
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
- risk 0.53cvss 7.5epss 0.13
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
- risk 0.44cvss 6.8epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges…
- risk 0.44cvss 6.2epss 0.07
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
- risk 0.43cvss 6.1epss 0.04
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
- risk 0.36cvss 5.0epss 0.03
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
- risk 0.36cvss 5.1epss 0.01
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1…
- risk 0.33cvss 5.0epss 0.01
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
- risk 0.31cvss 4.3epss 0.02
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
- risk 0.30cvss 4.1epss 0.07
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
- risk 0.28cvss 4.3epss 0.01
A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.
- risk 0.25cvss 3.4epss 0.05
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
- risk 0.23cvss 3.0epss 0.02
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
- CVE-2005-4505Dec 23, 2005risk 0.03cvss —epss 0.01
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE…
- CVE-2020-7337Dec 9, 2020risk 0.00cvss —epss 0.00
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via…
- CVE-2020-7280Jun 10, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic…
- CVE-2019-3588Jun 10, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.
- CVE-2019-3585Jun 10, 2020risk 0.00cvss —epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with…
Page 1 of 2