Filtered by vendor Mcafee
Subscribe
Total
597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3663 | 1 Mcafee | 1 Advanced Threat Defense | 2020-01-07 | 2.1 LOW | 7.8 HIGH |
| Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details | |||||
| CVE-2019-3667 | 1 Mcafee | 1 Techcheck | 2019-12-16 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | |||||
| CVE-2019-3666 | 1 Mcafee | 1 Webadvisor | 2019-12-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site. | |||||
| CVE-2019-3665 | 1 Mcafee | 1 Webadvisor | 2019-12-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | |||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2019-11-15 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | |||||
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2019-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | |||||
| CVE-2019-3652 | 2 Mcafee, Microsoft | 2 Endpoint Security, Windows | 2019-10-15 | 4.6 MEDIUM | 5.3 MEDIUM |
| Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | |||||
| CVE-2019-3587 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2019-3646 | 1 Mcafee | 1 Total Protection | 2019-10-09 | 6.0 MEDIUM | 6.5 MEDIUM |
| DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | |||||
| CVE-2019-3581 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. | |||||
| CVE-2019-3598 | 1 Mcafee | 1 Agent | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets. | |||||
| CVE-2019-3604 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | |||||
| CVE-2019-3610 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. | |||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | |||||
| CVE-2018-6707 | 1 Mcafee | 1 Agent | 2019-10-09 | 4.4 MEDIUM | 7.0 HIGH |
| Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism. | |||||
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | |||||
| CVE-2018-6669 | 1 Mcafee | 1 Application Change Control | 2019-10-09 | 5.2 MEDIUM | 8.0 HIGH |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | |||||
| CVE-2018-6670 | 1 Mcafee | 1 Common Catalog | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. | |||||