Filtered by vendor Mcafee
Subscribe
Total
597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6671 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | |||||
| CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | |||||
| CVE-2018-6668 | 1 Mcafee | 1 Application Change Control | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. | |||||
| CVE-2018-6664 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | |||||
| CVE-2018-6659 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | |||||
| CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | |||||
| CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | |||||
| CVE-2017-3967 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames. | |||||
| CVE-2017-3966 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. | |||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
| CVE-2017-3968 | 1 Mcafee | 2 Network Data Loss Prevention, Network Security Manager | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | |||||
| CVE-2017-3912 | 1 Mcafee | 1 Application And Change Control | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. | |||||
| CVE-2017-4028 | 2 Mcafee, Microsoft | 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | |||||
| CVE-2017-3960 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | |||||
| CVE-2017-3961 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | |||||
| CVE-2017-3962 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | |||||
| CVE-2017-3964 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. | |||||
| CVE-2017-3965 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | |||||
| CVE-2017-3969 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. | |||||
| CVE-2017-3971 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. | |||||