A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
Max CVSS
5.9
EPSS Score
0.43%
Published
2017-09-01
Updated
2019-10-03
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
Max CVSS
9.8
EPSS Score
0.40%
Published
2017-09-01
Updated
2017-09-06
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.
Max CVSS
7.8
EPSS Score
1.04%
Published
2016-05-05
Updated
2016-05-10
3 vulnerabilities found