Filtered by vendor Mcafee
Subscribe
Search
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0718 | 9 Apple, Canonical, Debian and 6 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |||||
| CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | |||||
| CVE-2020-7293 | 1 Mcafee | 1 Web Gateway | 2022-01-06 | 7.7 HIGH | 9.0 CRITICAL |
| Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | |||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2021-07-02 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||
| CVE-2019-3597 | 1 Mcafee | 1 Network Security Manager | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2019-12-27 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
| CVE-2018-6703 | 1 Mcafee | 1 Agent | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. | |||||
| CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 6.5 MEDIUM | 9.1 CRITICAL |
| Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | |||||
| CVE-2018-6677 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 9.0 HIGH | 9.1 CRITICAL |
| Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. | |||||
| CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | |||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
| CVE-2017-3972 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. | |||||
| CVE-2017-3968 | 1 Mcafee | 2 Network Data Loss Prevention, Network Security Manager | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | |||||
| CVE-2017-3962 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | |||||
| CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | |||||
| CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-03-07 | 7.5 HIGH | 10.0 CRITICAL |
| SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | |||||
| CVE-2017-3897 | 1 Mcafee | 2 Livesafe, Security Scan Plus | 2017-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | |||||
| CVE-2017-4052 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | |||||
| CVE-2014-9921 | 1 Mcafee | 1 Cloud Analysis And Deconstructive Services | 2017-03-23 | 9.7 HIGH | 9.8 CRITICAL |
| Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. | |||||
| CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2016-03-04 | 8.5 HIGH | 9.1 CRITICAL |
| McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | |||||