Vendor CVEs
McAfee
All CVEs
561 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8990 | Hig | 0.49 | 7.5 | 0.01 | Mar 14, 2017 | Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | ||
| CVE-2013-7462 | Hig | 0.49 | 7.5 | 0.02 | Mar 14, 2017 | A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system… | ||
| CVE-2016-3983 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2016 | McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | ||
| CVE-2015-8773 | Hig | 0.49 | 7.5 | 0.01 | Jan 29, 2016 | Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call. | ||
| CVE-2018-6683 | Hig | 0.48 | 7.4 | 0.00 | Jul 23, 2018 | Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | ||
| CVE-2017-3980 | Hig | 0.47 | 7.2 | 0.03 | May 18, 2017 | A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | ||
| CVE-2016-8032 | Hig | 0.47 | 7.3 | 0.00 | Mar 31, 2017 | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | ||
| CVE-2016-8031 | Hig | 0.47 | 7.3 | 0.00 | Mar 28, 2017 | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | ||
| CVE-2018-6690 | Hig | 0.46 | 7.1 | 0.00 | Sep 18, 2018 | Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | ||
| CVE-2015-8993 | Hig | 0.46 | 7.0 | 0.00 | Mar 14, 2017 | Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | ||
| CVE-2015-8992 | Hig | 0.46 | 7.0 | 0.00 | Mar 14, 2017 | Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal… | ||
| CVE-2015-8991 | Hig | 0.46 | 7.0 | 0.00 | Mar 14, 2017 | Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal… | ||
| CVE-2016-1762 | Hig | 0.46 | 8.1 | 0.06 | Mar 24, 2016 | The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||
| CVE-2024-49592 | Med | 0.44 | 6.7 | 0.00 | Nov 15, 2024 | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called… | ||
| CVE-2018-6674 | Med | 0.44 | 6.8 | 0.00 | May 25, 2018 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges… | ||
| CVE-2016-8025 | Med | 0.44 | 6.2 | 0.07 | Mar 14, 2017 | SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||
| CVE-2016-1840 | Hig | 0.44 | 7.8 | 0.03 | May 20, 2016 | Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory… | ||
| CVE-2016-1834 | Hig | 0.44 | 7.8 | 0.05 | May 20, 2016 | Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)… | ||
| CVE-2026-27768 | Med | 0.43 | 6.6 | 0.00 | May 25, 2026 | SQL Injection affecting the Access Manager role. | ||
| CVE-2018-6686 | Med | 0.43 | 6.6 | 0.00 | Jul 27, 2018 | Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. | ||
| CVE-2017-9287 | Med | 0.43 | 6.5 | 0.07 | May 29, 2017 | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. | ||
| CVE-2016-8019 | Med | 0.43 | 6.1 | 0.04 | Mar 14, 2017 | Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. | ||
| CVE-2016-1715 | Med | 0.43 | 6.6 | 0.02 | Jan 12, 2016 | The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory… | ||
| CVE-2021-23840 | Hig | 0.42 | 7.5 | 0.51 | Feb 16, 2021 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will… | ||
| CVE-2017-3966 | Med | 0.42 | 6.4 | 0.01 | Apr 4, 2018 | Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the… | ||
| CVE-2017-3898 | Med | 0.42 | 5.9 | 0.03 | Sep 1, 2017 | A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | ||
| CVE-2017-4012 | Med | 0.42 | 6.5 | 0.01 | May 17, 2017 | Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request. | ||
| CVE-2017-3899 | Med | 0.42 | 6.5 | 0.02 | Mar 14, 2017 | SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||
| CVE-2016-8005 | Med | 0.42 | 6.5 | 0.01 | Mar 14, 2017 | File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. | ||
| CVE-2021-3712 | Hig | 0.41 | 7.4 | 0.50 | Aug 24, 2021 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is… | ||
| CVE-2016-8007 | Med | 0.41 | 6.3 | 0.00 | Mar 14, 2017 | Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions. | ||
| CVE-2016-20050 | Med | 0.40 | 6.2 | 0.00 | Apr 4, 2026 | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP… | ||
| CVE-2018-6682 | Med | 0.40 | 6.1 | 0.01 | Sep 24, 2018 | Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. | ||
| CVE-2017-3936 | Med | 0.40 | 6.2 | 0.01 | Jun 13, 2018 | OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | ||
| CVE-2017-3967 | Med | 0.40 | 6.1 | 0.01 | Apr 4, 2018 | Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames. | ||
| CVE-2018-6660 | Med | 0.40 | 6.2 | 0.02 | Apr 2, 2018 | Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular… | ||
| CVE-2017-4011 | Med | 0.40 | 6.1 | 0.03 | May 17, 2017 | Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | ||
| CVE-2016-8011 | Med | 0.40 | 6.1 | 0.01 | Mar 14, 2017 | Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. | ||
| CVE-2016-3969 | Med | 0.40 | 6.1 | 0.01 | Apr 6, 2016 | Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. | ||
| CVE-2017-3896 | Med | 0.39 | 5.9 | 0.02 | Feb 13, 2017 | Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. | ||
| CVE-2018-6695 | Med | 0.38 | 5.9 | 0.01 | Oct 3, 2018 | SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment. | ||
| CVE-2017-3960 | Med | 0.38 | 5.9 | 0.01 | Jun 12, 2018 | Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | ||
| CVE-2018-6664 | Med | 0.38 | 5.8 | 0.01 | May 25, 2018 | Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | ||
| CVE-2017-3934 | Med | 0.38 | 5.9 | 0.01 | Oct 31, 2017 | Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver. | ||
| CVE-2014-9920 | Med | 0.38 | 5.9 | 0.01 | Mar 14, 2017 | Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier… | ||
| CVE-2018-6672 | Med | 0.37 | 5.7 | 0.01 | Jun 15, 2018 | Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | ||
| CVE-2017-3962 | Med | 0.36 | 5.6 | 0.00 | Jun 12, 2018 | Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | ||
| CVE-2016-8021 | Med | 0.36 | 5.0 | 0.03 | Mar 14, 2017 | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. | ||
| CVE-2015-8986 | Med | 0.36 | 5.5 | 0.01 | Mar 14, 2017 | Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware… | ||
| CVE-2013-7461 | Med | 0.36 | 5.5 | 0.00 | Mar 14, 2017 | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. |
- risk 0.49cvss 7.5epss 0.01
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.
- risk 0.49cvss 7.5epss 0.02
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system…
- risk 0.49cvss 7.5epss 0.01
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.
- risk 0.49cvss 7.5epss 0.01
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.
- risk 0.48cvss 7.4epss 0.00
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
- risk 0.47cvss 7.2epss 0.03
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
- risk 0.47cvss 7.3epss 0.00
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
- risk 0.47cvss 7.3epss 0.00
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
- risk 0.46cvss 7.1epss 0.00
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
- risk 0.46cvss 7.0epss 0.00
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
- risk 0.46cvss 7.0epss 0.00
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal…
- risk 0.46cvss 7.0epss 0.00
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal…
- risk 0.46cvss 8.1epss 0.06
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
- risk 0.44cvss 6.7epss 0.00
Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called…
- risk 0.44cvss 6.8epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges…
- risk 0.44cvss 6.2epss 0.07
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
- risk 0.44cvss 7.8epss 0.03
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…
- risk 0.44cvss 7.8epss 0.05
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…
- risk 0.43cvss 6.6epss 0.00
SQL Injection affecting the Access Manager role.
- risk 0.43cvss 6.6epss 0.00
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.
- risk 0.43cvss 6.5epss 0.07
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
- risk 0.43cvss 6.1epss 0.04
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
- risk 0.43cvss 6.6epss 0.02
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory…
- risk 0.42cvss 7.5epss 0.51
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…
- risk 0.42cvss 6.4epss 0.01
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the…
- risk 0.42cvss 5.9epss 0.03
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
- risk 0.42cvss 6.5epss 0.01
Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.
- risk 0.42cvss 6.5epss 0.02
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
- risk 0.42cvss 6.5epss 0.01
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.
- risk 0.41cvss 7.4epss 0.50
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is…
- risk 0.41cvss 6.3epss 0.00
Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.
- risk 0.40cvss 6.2epss 0.00
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP…
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
- risk 0.40cvss 6.2epss 0.01
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
- risk 0.40cvss 6.1epss 0.01
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
- risk 0.40cvss 6.2epss 0.02
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular…
- risk 0.40cvss 6.1epss 0.03
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
- risk 0.39cvss 5.9epss 0.02
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.
- risk 0.38cvss 5.9epss 0.01
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
- risk 0.38cvss 5.9epss 0.01
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
- risk 0.38cvss 5.8epss 0.01
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
- risk 0.38cvss 5.9epss 0.01
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
- risk 0.38cvss 5.9epss 0.01
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier…
- risk 0.37cvss 5.7epss 0.01
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
- risk 0.36cvss 5.6epss 0.00
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.
- risk 0.36cvss 5.0epss 0.03
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
- risk 0.36cvss 5.5epss 0.01
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware…
- risk 0.36cvss 5.5epss 0.00
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.
Page 2 of 12