CVEdetails.com the ultimate security vulnerability data source

Mcafee : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2017-4057 264 +Priv 2017-07-12 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.
2 CVE-2017-4055 306 Bypass 2017-07-12 2017-07-17
5.0
None Remote Low Not required None Partial None
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.
3 CVE-2017-4054 77 Exec Code 2017-07-12 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.
4 CVE-2017-4053 77 Exec Code 2017-07-12 2017-07-17
7.5
None Remote Low Not required Partial Partial Partial
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.
5 CVE-2017-4052 306 Bypass 2017-07-12 2017-07-17
7.5
None Remote Low Not required Partial Partial Partial
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter.
6 CVE-2017-4017 200 +Info 2017-05-17 2017-07-07
5.0
None Remote Low Not required Partial None None
User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.
7 CVE-2017-4016 200 +Info 2017-05-17 2017-07-07
5.0
None Remote Low Not required Partial None None
Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.
8 CVE-2017-4015 20 2017-05-17 2017-07-07
3.5
None Remote Medium Single system None Partial None
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.
9 CVE-2017-4014 384 2017-05-17 2017-07-07
6.0
None Remote Medium Single system Partial Partial Partial
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.
10 CVE-2017-4013 200 +Info 2017-05-17 2017-07-07
5.0
None Remote Low Not required Partial None None
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.
11 CVE-2017-4012 264 2017-05-17 2017-07-07
5.0
None Remote Low Not required Partial None None
Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.
12 CVE-2017-4011 79 XSS 2017-05-17 2017-07-07
4.3
None Remote Medium Not required None Partial None
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.
13 CVE-2017-3980 22 Exec Code Dir. Trav. 2017-05-18 2017-06-01
6.5
None Remote Low Single system Partial Partial Partial
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
14 CVE-2017-3948 79 XSS 2017-06-23 2017-07-05
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
15 CVE-2017-3902 79 XSS Bypass 2017-02-13 2017-07-25
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
16 CVE-2017-3899 89 Sql +Info 2017-03-14 2017-03-23
4.0
None Remote Low Single system Partial None None
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
17 CVE-2017-3896 20 2017-02-13 2017-07-25
4.3
None Remote Medium Not required None None Partial
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.
18 CVE-2016-8032 284 Bypass 2017-03-31 2017-07-11
4.4
None Local Medium Not required Partial Partial Partial
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
19 CVE-2016-8031 264 Bypass 2017-03-28 2017-07-11
4.4
None Local Medium Not required Partial Partial Partial
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
20 CVE-2016-8030 119 DoS Overflow Mem. Corr. 2017-04-25 2017-05-08
4.3
None Remote Medium Not required None None Partial
A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.
21 CVE-2016-8027 89 Sql 2017-03-14 2017-07-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
22 CVE-2016-8026 264 Exec Code +Priv 2017-03-14 2017-05-01
4.6
None Local Low Not required Partial Partial Partial
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
23 CVE-2016-8025 89 Sql +Info 2017-03-14 2017-07-26
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
24 CVE-2016-8024 113 +Info 2017-03-14 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
25 CVE-2016-8023 287 Bypass 2017-03-14 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
26 CVE-2016-8022 287 DoS Exec Code Bypass 2017-03-14 2017-07-26
5.1
None Remote High Not required Partial Partial Partial
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
27 CVE-2016-8021 347 Exec Code 2017-03-14 2017-07-26
3.5
None Remote Medium Single system None Partial None
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
28 CVE-2016-8020 94 Exec Code 2017-03-14 2017-07-26
6.0
None Remote Medium Single system Partial Partial Partial
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
29 CVE-2016-8019 79 XSS 2017-03-14 2017-07-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
30 CVE-2016-8018 352 Exec Code CSRF 2017-03-14 2017-07-26
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
31 CVE-2016-8017 20 2017-03-14 2017-07-26
4.0
None Remote Low Single system Partial None None
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
32 CVE-2016-8016 200 +Info 2017-03-14 2017-07-26
3.5
None Remote Medium Single system Partial None None
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
33 CVE-2016-8012 264 2017-03-14 2017-03-31
4.6
None Local Low Not required Partial Partial Partial
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.
34 CVE-2016-8010 284 Bypass 2017-03-14 2017-03-30
4.6
None Local Low Not required Partial Partial Partial
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.
35 CVE-2016-8009 264 Exec Code 2017-03-14 2017-03-27
4.6
None Local Low Not required Partial Partial Partial
Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.
36 CVE-2016-8008 264 2017-03-14 2017-03-27
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.
37 CVE-2016-8007 284 Bypass 2017-03-14 2017-03-23
3.0
None Local Medium Single system None Partial Partial
Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.
38 CVE-2016-8006 264 Bypass 2017-01-05 2017-01-17
1.7
None Local Low Single system None Partial None
Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands.
39 CVE-2016-8005 264 2017-03-14 2017-03-30
4.0
None Remote Low Single system None Partial None
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.
40 CVE-2016-4535 20 DoS Mem. Corr. 2016-05-05 2016-05-10
7.8
None Remote Low Not required None None Complete
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.
41 CVE-2016-4534 264 Bypass 2016-05-05 2016-11-30
3.0
None Local Medium Single system None Partial Partial
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
42 CVE-2016-3984 284 Bypass 2016-04-08 2016-05-18
3.6
None Local Low Not required None Partial Partial
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
43 CVE-2016-3983 345 Bypass 2016-04-08 2016-04-11
5.0
None Remote Low Not required None Partial None
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.
44 CVE-2016-3969 79 XSS 2016-04-06 2016-05-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
45 CVE-2016-2199 352 CSRF 2016-02-01 2016-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
46 CVE-2016-1715 189 DoS +Priv Mem. Corr. 2016-01-12 2016-01-21
5.5
None Local Medium Single system Partial Partial Complete
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location.
47 CVE-2015-8993 264 2017-03-14 2017-03-28
6.9
None Local Medium Not required Complete Complete Complete
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
48 CVE-2015-8992 264 2017-03-14 2017-03-23
6.9
None Local Medium Not required Complete Complete Complete
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
49 CVE-2015-8991 264 2017-03-14 2017-03-28
6.9
None Local Medium Not required Complete Complete Complete
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
50 CVE-2015-8990 254 Bypass 2017-03-14 2017-03-23
5.0
None Remote Low Not required None Partial None
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.
Total number of vulnerabilities: 248 (page 1 of 5)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.