Filtered by vendor Mcafee
Subscribe
Search
Total
163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||
| CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | |||||
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2020-03-30 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-7254 | 1 Mcafee | 1 Advanced Threat Defense | 2020-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | |||||
| CVE-2019-3663 | 1 Mcafee | 1 Advanced Threat Defense | 2020-01-07 | 2.1 LOW | 7.8 HIGH |
| Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details | |||||
| CVE-2019-3667 | 1 Mcafee | 1 Techcheck | 2019-12-16 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | |||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2019-11-15 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | |||||
| CVE-2019-3604 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | |||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | |||||
| CVE-2019-3581 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. | |||||
| CVE-2018-6705 | 1 Mcafee | 1 Agent | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. | |||||
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | |||||
| CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6707 | 1 Mcafee | 1 Agent | 2019-10-09 | 4.4 MEDIUM | 7.0 HIGH |
| Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism. | |||||
| CVE-2018-6706 | 1 Mcafee | 1 Agent | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors. | |||||
| CVE-2018-6704 | 1 Mcafee | 1 Agent | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. | |||||
| CVE-2018-6700 | 1 Mcafee | 1 True Key | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6690 | 2 Mcafee, Microsoft | 2 Application Change Control, Windows | 2019-10-09 | 3.6 LOW | 7.1 HIGH |
| Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | |||||
| CVE-2018-6689 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | |||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2019-10-09 | 4.6 MEDIUM | 7.4 HIGH |
| Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | |||||
| CVE-2018-6669 | 1 Mcafee | 1 Application Change Control | 2019-10-09 | 5.2 MEDIUM | 8.0 HIGH |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | |||||
| CVE-2018-6668 | 1 Mcafee | 1 Application Change Control | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. | |||||
| CVE-2018-6664 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | |||||
| CVE-2018-6662 | 2 Apple, Mcafee | 2 Mac Os X, Management Of Native Encryption | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | |||||
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | |||||
| CVE-2017-3912 | 1 Mcafee | 1 Application And Change Control | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. | |||||
| CVE-2017-3965 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | |||||
| CVE-2017-3960 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | |||||
| CVE-2017-4057 | 1 Mcafee | 1 Advanced Threat Defense | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. | |||||
| CVE-2016-4447 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Itunes, Mac Os X and 9 more | 2019-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | |||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2019-03-26 | 5.8 MEDIUM | 8.1 HIGH |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1840 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-1834 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-8012 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2019-03-07 | 4.6 MEDIUM | 7.8 HIGH |
| Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | |||||
| CVE-2015-8765 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-02-14 | 7.5 HIGH | 8.3 HIGH |
| Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2017-3980 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | |||||
| CVE-2017-3935 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type. | |||||
| CVE-2016-8023 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. | |||||
| CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.0 MEDIUM | 8.0 HIGH |
| Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | |||||
| CVE-2016-8022 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 5.1 MEDIUM | 7.5 HIGH |
| Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | |||||
| CVE-2016-8024 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.8 MEDIUM | 8.1 HIGH |
| Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. | |||||
| CVE-2017-4054 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. | |||||
| CVE-2017-4055 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. | |||||
| CVE-2016-8032 | 1 Mcafee | 1 Anti-malware Scan Engine | 2017-07-12 | 4.4 MEDIUM | 7.3 HIGH |
| Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | |||||
| CVE-2017-4014 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 6.0 MEDIUM | 8.0 HIGH |
| Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request. | |||||
| CVE-2016-8026 | 1 Mcafee | 1 Security Scan Plus | 2017-05-02 | 4.6 MEDIUM | 7.8 HIGH |
| Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. | |||||
| CVE-2016-8010 | 1 Mcafee | 2 Application Control, Endpoint Security | 2017-03-30 | 4.6 MEDIUM | 7.8 HIGH |
| Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. | |||||