VYPR

Vendor CVEs

McAfee

All CVEs

561 total · sorted by risk
  • CVE-2006-6707Dec 23, 2006
    risk 0.07cvss epss 0.54

    Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget…

  • CVE-2006-3961Aug 1, 2006
    risk 0.06cvss epss 0.34

    Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted…

  • CVE-2004-0095Feb 17, 2004
    risk 0.06cvss epss 0.38

    McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.

  • CVE-2012-4598Aug 22, 2012
    risk 0.05cvss epss 0.29

    An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.

  • CVE-2004-0933Jan 27, 2005
    risk 0.05cvss epss 0.21

    Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass…

  • CVE-2015-0922Jan 9, 2015
    risk 0.04cvss epss 0.13

    McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

  • CVE-2015-0921Jan 9, 2015
    risk 0.04cvss epss 0.17

    XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.

  • CVE-2014-2588Mar 24, 2014
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.

  • CVE-2008-1855Apr 16, 2008
    risk 0.04cvss epss 0.08

    FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid…

  • CVE-2008-0127Jan 10, 2008
    risk 0.04cvss epss 0.09

    The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.

  • CVE-2007-2584May 10, 2007
    risk 0.04cvss epss 0.10

    Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.

  • CVE-2005-0643May 2, 2005
    risk 0.04cvss epss 0.10

    Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files.

  • CVE-2004-0937Feb 9, 2005
    risk 0.04cvss epss 0.15

    Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being…

  • CVE-2004-0934Jan 27, 2005
    risk 0.04cvss epss 0.15

    Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

  • CVE-2004-0936Jan 27, 2005
    risk 0.04cvss epss 0.15

    RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

  • CVE-2004-0935Jan 27, 2005
    risk 0.04cvss epss 0.15

    Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

  • CVE-2004-1096Jan 10, 2005
    risk 0.04cvss epss 0.17

    Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on…

  • CVE-2022-1257Apr 14, 2022
    risk 0.03cvss epss 0.01

    Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.

  • CVE-2018-6756Dec 6, 2018
    risk 0.03cvss epss 0.01

    Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.

  • CVE-2018-6757Dec 6, 2018
    risk 0.03cvss epss 0.01

    Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

  • CVE-2018-6755Dec 6, 2018
    risk 0.03cvss epss 0.01

    Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

  • CVE-2015-1305Feb 6, 2015
    risk 0.03cvss epss 0.01

    McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

  • CVE-2014-2587Mar 24, 2014
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).

  • CVE-2014-2586Mar 24, 2014
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

  • CVE-2013-5094Jan 28, 2014
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.

  • CVE-2013-4884Jan 21, 2014
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.

  • CVE-2013-4883Jul 22, 2013
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter…

  • CVE-2013-4882Jul 22, 2013
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1)…

  • CVE-2013-0140May 1, 2013
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.

  • CVE-2012-5879Mar 28, 2013
    risk 0.03cvss epss 0.05

    An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.

  • CVE-2009-3566Nov 13, 2009
    risk 0.03cvss epss 0.04

    McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

  • CVE-2009-3565Nov 13, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.

  • CVE-2008-1357Mar 17, 2008
    risk 0.03cvss epss 0.06

    Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code…

  • CVE-2007-1227Mar 2, 2007
    risk 0.03cvss epss 0.01

    VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute…

  • CVE-2005-4505Dec 23, 2005
    risk 0.03cvss epss 0.01

    Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE…

  • CVE-2004-1908Dec 31, 2004
    risk 0.03cvss epss 0.03

    McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters.

  • CVE-2004-1906Dec 31, 2004
    risk 0.03cvss epss 0.04

    Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.

  • CVE-2000-1129Jan 9, 2001
    risk 0.03cvss epss 0.02

    McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.

  • CVE-2000-0119Dec 22, 1999
    risk 0.03cvss epss 0.01

    The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.

  • CVE-2023-31497May 11, 2023
    risk 0.01cvss epss 0.01

    Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system.

  • CVE-2020-7318Oct 14, 2020
    risk 0.01cvss epss 0.01

    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

  • CVE-2006-5273Jul 12, 2007
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.

  • CVE-2007-1498Mar 16, 2007
    risk 0.01cvss epss 0.08

    Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary…

  • CVE-2005-0644May 2, 2005
    risk 0.01cvss epss 0.07

    Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643.

  • CVE-2002-0690Apr 11, 2003
    risk 0.01cvss epss 0.08

    Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.

  • CVE-2024-11598Dec 11, 2024
    risk 0.00cvss epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.

  • CVE-2024-25254Nov 11, 2024
    risk 0.00cvss epss 0.00

    SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.

  • CVE-2024-0206Jan 9, 2024
    risk 0.00cvss epss 0.00

    A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry…

  • CVE-2023-20084Nov 22, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An…

  • CVE-2023-5445Nov 17, 2023
    risk 0.00cvss epss 0.00

    An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user…

Page 4 of 12