The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
Max CVSS
8.8
EPSS Score
92.03%
Published
2008-01-10
Updated
2018-10-15
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
Max CVSS
8.2
EPSS Score
30.40%
Published
2013-03-28
Updated
2013-03-29
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.11%
Published
2013-11-02
Updated
2013-11-04
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Max CVSS
8.3
EPSS Score
0.20%
Published
2016-01-08
Updated
2019-02-14
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-03-14
Updated
2017-03-23
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-03-14
Updated
2017-03-22
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Max CVSS
8.1
EPSS Score
0.78%
Published
2016-03-24
Updated
2019-03-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
Max CVSS
8.8
EPSS Score
0.09%
Published
2016-02-01
Updated
2016-03-01
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Max CVSS
8.1
EPSS Score
1.37%
Published
2016-06-30
Updated
2023-02-12
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.
Max CVSS
8.8
EPSS Score
0.04%
Published
2017-03-14
Updated
2017-03-27
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
Max CVSS
8.0
EPSS Score
0.28%
Published
2017-03-14
Updated
2017-09-03
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
Max CVSS
8.1
EPSS Score
0.80%
Published
2017-03-14
Updated
2017-09-03
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to obtain sensitive information via server HTTP response spoofing.
Max CVSS
8.1
EPSS Score
0.80%
Published
2017-03-14
Updated
2017-09-03
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-06-12
Updated
2019-10-09
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.
Max CVSS
8.8
EPSS Score
0.11%
Published
2018-04-04
Updated
2019-10-09
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
Max CVSS
8.2
EPSS Score
0.13%
Published
2018-04-04
Updated
2019-10-09
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption ciphers.
Max CVSS
8.2
EPSS Score
0.06%
Published
2018-04-04
Updated
2019-10-09
Session sidejacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.
Max CVSS
8.0
EPSS Score
0.18%
Published
2017-05-17
Updated
2017-07-08
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.
Max CVSS
8.8
EPSS Score
0.12%
Published
2017-07-12
Updated
2017-07-17
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.
Max CVSS
8.8
EPSS Score
0.21%
Published
2017-07-12
Updated
2019-10-03
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
Max CVSS
8.8
EPSS Score
0.36%
Published
2018-05-25
Updated
2019-10-09
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.
Max CVSS
8.0
EPSS Score
0.04%
Published
2018-12-20
Updated
2019-10-09
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.
Max CVSS
8.6
EPSS Score
0.04%
Published
2019-02-28
Updated
2020-08-24
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-02-01
Updated
2019-10-09
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows authenticated users to view sensitive information in plain text via the GUI or command line.
Max CVSS
8.2
EPSS Score
0.04%
Published
2019-04-10
Updated
2023-02-03
69 vulnerabilities found