McAfee

All CVEs

561 total · sorted by risk
  • CVE-2017-3897 · Critical · Sep 1, 2017
    risk 0.68 · cvss 9.8 · epss 0.12

    A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP…

  • CVE-2018-6667 · Critical · Jun 26, 2018
    risk 0.65 · cvss 10.0 · epss 0.04

    Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).

  • CVE-2016-8027 · Critical · Mar 14, 2017
    risk 0.65 · cvss 10.0 · epss 0.06

    SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without…

  • CVE-2016-0718 · Critical · May 26, 2016
    risk 0.65 · cvss 9.8 · epss 0.13

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2025-69599 · Critical · May 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.

  • CVE-2025-43027 · Critical · Oct 30, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no…

  • CVE-2017-4053 · Critical · Jul 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.

  • CVE-2017-4052 · Critical · Jul 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP…

  • CVE-2014-9921 · Critical · Mar 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.

  • CVE-2016-4448 · Critical · Jun 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

  • CVE-2024-34405 · Critical · Jun 11, 2024
    risk 0.59 · cvss 9.1 · epss 0.00

    Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app.

  • CVE-2018-6678 · Critical · Jul 23, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.

  • CVE-2018-6677 · Critical · Jul 23, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.

  • CVE-2015-8772 · Critical · Jan 29, 2016
    risk 0.59 · cvss 9.1 · epss 0.02

    McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call.

  • CVE-2017-3965 · High · Apr 4, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the…

  • CVE-2017-4057 · High · Jul 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.

  • CVE-2017-4054 · High · Jul 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.

  • CVE-2016-8008 · High · Mar 14, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.

  • CVE-2015-8989 · High · Mar 14, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.

  • CVE-2015-8988 · High · Mar 14, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.

  • CVE-2016-2199 · High · Feb 1, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have…

  • CVE-2016-8024 · High · Mar 14, 2017
    risk 0.56 · cvss 8.1 · epss 0.09

    Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.

  • CVE-2016-8023 · High · Mar 14, 2017
    risk 0.56 · cvss 8.1 · epss 0.09

    Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.

  • CVE-2016-8020 · High · Mar 14, 2017
    risk 0.56 · cvss 8.0 · epss 0.11

    Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

  • CVE-2017-3972 · High · Apr 3, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.

  • CVE-2017-1000366 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2016-4472 · High · Jun 30, 2016
    risk 0.54 · cvss 8.1 · epss 0.12

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix…

  • CVE-2015-8765 · High · Jan 8, 2016
    risk 0.54 · cvss 8.3 · epss 0.03

    Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC)…

  • CVE-2017-3971 · High · Apr 4, 2018
    risk 0.53 · cvss 8.2 · epss 0.00

    Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.

  • CVE-2017-3969 · High · Apr 4, 2018
    risk 0.53 · cvss 8.2 · epss 0.01

    Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.

  • CVE-2016-8022 · High · Mar 14, 2017
    risk 0.53 · cvss 7.5 · epss 0.13

    Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.

  • CVE-2016-4535 · High · May 5, 2016
    risk 0.53 · cvss 7.5 · epss 0.10

    Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.

  • CVE-2024-7059 · High · Nov 5, 2024
    risk 0.52 · cvss 8.0 · epss 0.01

    A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

  • CVE-2017-4014 · High · May 17, 2017
    risk 0.52 · cvss 8.0 · epss 0.01

    Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.

  • CVE-2018-6689 · High · Oct 3, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.

  • CVE-2018-6700 · High · Sep 24, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.

  • CVE-2018-6662 · High · Jun 5, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.

  • CVE-2018-6661 · High · Apr 2, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

  • CVE-2016-8026 · High · Mar 14, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.

  • CVE-2016-8012 · High · Mar 14, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.

  • CVE-2016-8010 · High · Mar 14, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.

  • CVE-2016-8009 · High · Mar 14, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.

  • CVE-2018-6670 · High · Jun 7, 2018
    risk 0.50 · cvss 7.6 · epss 0.01

    External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.

  • CVE-2015-7704 · High · Aug 7, 2017
    risk 0.50 · cvss 7.5 · epss 0.11

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

  • CVE-2016-4447 · High · Jun 9, 2016
    risk 0.50 · cvss 7.5 · epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2024-4844 · High · May 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database…

  • CVE-2017-3968 · High · Jun 13, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted…

  • CVE-2017-17740 · High · Dec 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.07

    contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN…

  • CVE-2017-3935 · High · Oct 31, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended…

  • CVE-2017-4055 · High · Jul 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.

Page 1 of 12