VYPR

Vendor CVEs

McAfee

All CVEs

561 total · sorted by risk
  • CVE-2015-8990HigMar 14, 2017
    risk 0.49cvss 7.5epss 0.01

    Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.

  • CVE-2013-7462HigMar 14, 2017
    risk 0.49cvss 7.5epss 0.02

    A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system…

  • CVE-2016-3983HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.01

    McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.

  • CVE-2015-8773HigJan 29, 2016
    risk 0.49cvss 7.5epss 0.01

    Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.

  • CVE-2018-6683HigJul 23, 2018
    risk 0.48cvss 7.4epss 0.00

    Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.

  • CVE-2017-3980HigMay 18, 2017
    risk 0.47cvss 7.2epss 0.03

    A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.

  • CVE-2016-8032HigMar 31, 2017
    risk 0.47cvss 7.3epss 0.00

    Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.

  • CVE-2016-8031HigMar 28, 2017
    risk 0.47cvss 7.3epss 0.00

    Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.

  • CVE-2018-6690HigSep 18, 2018
    risk 0.46cvss 7.1epss 0.00

    Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.

  • CVE-2015-8993HigMar 14, 2017
    risk 0.46cvss 7.0epss 0.00

    Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.

  • CVE-2015-8992HigMar 14, 2017
    risk 0.46cvss 7.0epss 0.00

    Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal…

  • CVE-2015-8991HigMar 14, 2017
    risk 0.46cvss 7.0epss 0.00

    Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal…

  • CVE-2016-1762HigMar 24, 2016
    risk 0.46cvss 8.1epss 0.06

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2024-49592MedNov 15, 2024
    risk 0.44cvss 6.7epss 0.00

    Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called…

  • CVE-2018-6674MedMay 25, 2018
    risk 0.44cvss 6.8epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges…

  • CVE-2016-8025MedMar 14, 2017
    risk 0.44cvss 6.2epss 0.07

    SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.

  • CVE-2016-1840HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.03

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2016-1834HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.05

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2026-27768MedMay 25, 2026
    risk 0.43cvss 6.6epss 0.00

    SQL Injection affecting the Access Manager role.

  • CVE-2018-6686MedJul 27, 2018
    risk 0.43cvss 6.6epss 0.00

    Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.

  • CVE-2017-9287MedMay 29, 2017
    risk 0.43cvss 6.5epss 0.07

    servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

  • CVE-2016-8019MedMar 14, 2017
    risk 0.43cvss 6.1epss 0.04

    Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.

  • CVE-2016-1715MedJan 12, 2016
    risk 0.43cvss 6.6epss 0.02

    The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory…

  • CVE-2021-23840HigFeb 16, 2021
    risk 0.42cvss 7.5epss 0.51

    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…

  • CVE-2017-3966MedApr 4, 2018
    risk 0.42cvss 6.4epss 0.01

    Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the…

  • CVE-2017-3898MedSep 1, 2017
    risk 0.42cvss 5.9epss 0.03

    A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.

  • CVE-2017-4012MedMay 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.

  • CVE-2017-3899MedMar 14, 2017
    risk 0.42cvss 6.5epss 0.02

    SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.

  • CVE-2016-8005MedMar 14, 2017
    risk 0.42cvss 6.5epss 0.01

    File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.

  • CVE-2021-3712HigAug 24, 2021
    risk 0.41cvss 7.4epss 0.50

    ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is…

  • CVE-2016-8007MedMar 14, 2017
    risk 0.41cvss 6.3epss 0.00

    Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.

  • CVE-2016-20050MedApr 4, 2026
    risk 0.40cvss 6.2epss 0.00

    NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP…

  • CVE-2018-6682MedSep 24, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.

  • CVE-2017-3936MedJun 13, 2018
    risk 0.40cvss 6.2epss 0.01

    OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.

  • CVE-2017-3967MedApr 4, 2018
    risk 0.40cvss 6.1epss 0.01

    Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.

  • CVE-2018-6660MedApr 2, 2018
    risk 0.40cvss 6.2epss 0.02

    Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular…

  • CVE-2017-4011MedMay 17, 2017
    risk 0.40cvss 6.1epss 0.03

    Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

  • CVE-2016-8011MedMar 14, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.

  • CVE-2016-3969MedApr 6, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.

  • CVE-2017-3896MedFeb 13, 2017
    risk 0.39cvss 5.9epss 0.02

    Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.

  • CVE-2018-6695MedOct 3, 2018
    risk 0.38cvss 5.9epss 0.01

    SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.

  • CVE-2017-3960MedJun 12, 2018
    risk 0.38cvss 5.9epss 0.01

    Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.

  • CVE-2018-6664MedMay 25, 2018
    risk 0.38cvss 5.8epss 0.01

    Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

  • CVE-2017-3934MedOct 31, 2017
    risk 0.38cvss 5.9epss 0.01

    Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.

  • CVE-2014-9920MedMar 14, 2017
    risk 0.38cvss 5.9epss 0.01

    Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier…

  • CVE-2018-6672MedJun 15, 2018
    risk 0.37cvss 5.7epss 0.01

    Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.

  • CVE-2017-3962MedJun 12, 2018
    risk 0.36cvss 5.6epss 0.00

    Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.

  • CVE-2016-8021MedMar 14, 2017
    risk 0.36cvss 5.0epss 0.03

    Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.

  • CVE-2015-8986MedMar 14, 2017
    risk 0.36cvss 5.5epss 0.01

    Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware…

  • CVE-2013-7461MedMar 14, 2017
    risk 0.36cvss 5.5epss 0.00

    A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.

Page 2 of 12