VYPR

Vendor CVEs

McAfee

All CVEs

561 total · sorted by risk
  • CVE-2012-4584Aug 22, 2012
    risk 0.00cvss epss 0.01

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a…

  • CVE-2012-4583Aug 22, 2012
    risk 0.00cvss epss 0.01

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

  • CVE-2012-4582Aug 22, 2012
    risk 0.00cvss epss 0.01

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.

  • CVE-2012-4581Aug 22, 2012
    risk 0.00cvss epss 0.01

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers…

  • CVE-2012-4580Aug 22, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee…

  • CVE-2011-5101Aug 22, 2012
    risk 0.00cvss epss 0.01

    The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam.

  • CVE-2011-5100Aug 22, 2012
    risk 0.00cvss epss 0.01

    The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request.

  • CVE-2010-5143Aug 22, 2012
    risk 0.00cvss epss 0.00

    McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.

  • CVE-2010-3496Aug 22, 2012
    risk 0.00cvss epss 0.04

    McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with…

  • CVE-2009-5118Aug 22, 2012
    risk 0.00cvss epss 0.02

    Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.

  • CVE-2009-5117Aug 22, 2012
    risk 0.00cvss epss 0.00

    The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.

  • CVE-2009-5116Aug 22, 2012
    risk 0.00cvss epss 0.02

    McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account.

  • CVE-2009-5115Aug 22, 2012
    risk 0.00cvss epss 0.01

    McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object.

  • CVE-2012-2212Apr 28, 2012
    risk 0.00cvss epss 0.01

    McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details…

  • CVE-2011-3007Aug 10, 2011
    risk 0.00cvss epss 0.01

    The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log…

  • CVE-2011-3006Aug 10, 2011
    risk 0.00cvss epss 0.02

    The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary…

  • CVE-2010-2290Jun 15, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

  • CVE-2010-2116May 28, 2010
    risk 0.00cvss epss 0.02

    The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

  • CVE-2009-3339Sep 24, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has…

  • CVE-2008-7020Aug 21, 2009
    risk 0.00cvss epss 0.00

    McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated…

  • CVE-2009-2429Jul 10, 2009
    risk 0.00cvss epss 0.00

    SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2009-2312Jul 2, 2009
    risk 0.00cvss epss 0.00

    SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.

  • CVE-2009-1491May 5, 2009
    risk 0.00cvss epss 0.03

    McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as…

  • CVE-2009-1348Apr 30, 2009
    risk 0.00cvss epss 0.03

    The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus…

  • CVE-2008-3605Aug 12, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.

  • CVE-2007-2957Oct 31, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.

  • CVE-2006-5274Jul 12, 2007
    risk 0.00cvss epss 0.05

    Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified…

  • CVE-2006-5272Jul 12, 2007
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.

  • CVE-2006-5271Jul 12, 2007
    risk 0.00cvss epss 0.04

    Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.

  • CVE-2007-2151Apr 19, 2007
    risk 0.00cvss epss 0.02

    The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read.

  • CVE-2007-2152Apr 19, 2007
    risk 0.00cvss epss 0.03

    Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.

  • CVE-2007-1538Mar 20, 2007
    risk 0.00cvss epss 0.02

    McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network…

  • CVE-2007-1226Mar 2, 2007
    risk 0.00cvss epss 0.00

    McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.

  • CVE-2006-6474Dec 14, 2006
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious…

  • CVE-2006-5417Oct 20, 2006
    risk 0.00cvss epss 0.02

    McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an…

  • CVE-2006-4886Sep 19, 2006
    risk 0.00cvss epss 0.00

    The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button,…

  • CVE-2006-3623Jul 18, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.

  • CVE-2006-3575Jul 13, 2006
    risk 0.00cvss epss 0.00

    Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.

  • CVE-2006-0559Apr 4, 2006
    risk 0.00cvss epss 0.06

    Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.

  • CVE-2006-0982Mar 3, 2006
    risk 0.00cvss epss 0.01

    The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as…

  • CVE-2005-3657Dec 21, 2005
    risk 0.00cvss epss 0.02

    The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the…

  • CVE-2005-3377Oct 30, 2005
    risk 0.00cvss epss 0.01

    Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic…

  • CVE-2005-2186Jul 11, 2005
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.

  • CVE-2005-2187Jul 11, 2005
    risk 0.00cvss epss 0.01

    McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in…

  • CVE-2005-2188Jul 11, 2005
    risk 0.00cvss epss 0.02

    McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.

  • CVE-2005-1107Apr 18, 2005
    risk 0.00cvss epss 0.00

    McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files.

  • CVE-2004-2635Dec 31, 2004
    risk 0.00cvss epss 0.02

    An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.

  • CVE-2004-0831Sep 14, 2004
    risk 0.00cvss epss 0.00

    McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.

  • CVE-2004-0038Jun 14, 2004
    risk 0.00cvss epss 0.03

    McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.

  • CVE-2003-0148Aug 27, 2003
    risk 0.00cvss epss 0.01

    The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a…

Page 11 of 12