CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mcafee : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-3653 306 2019-10-09 2019-10-15
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
2 CVE-2019-3652 94 2019-10-09 2019-10-15
4.6
None Local Low Not required Partial Partial Partial
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.
3 CVE-2019-3646 426 Exec Code 2019-09-13 2019-10-09
6.0
None Remote Medium Single system Partial Partial Partial
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
4 CVE-2019-3644 20 DoS 2019-09-11 2019-10-09
5.0
None Remote Low Not required None None Partial
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
5 CVE-2019-3643 20 DoS 2019-09-11 2019-10-09
5.0
None Remote Low Not required None None Partial
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
6 CVE-2019-3639 20 2019-08-14 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.
7 CVE-2019-3638 79 Exec Code XSS 2019-09-12 2019-10-09
4.3
None Remote Medium Not required None Partial None
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.
8 CVE-2019-3637 264 +Priv 2019-08-14 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
9 CVE-2019-3635 200 +Info 2019-08-14 2019-10-09
4.3
None Remote Medium Not required Partial None None
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
10 CVE-2019-3634 119 Overflow 2019-08-21 2019-10-09
4.9
None Local Low Not required None None Complete
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.
11 CVE-2019-3633 119 Overflow Bypass 2019-08-21 2019-10-09
4.9
None Local Low Not required None None Complete
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.
12 CVE-2019-3632 22 +Priv Dir. Trav. 2019-06-27 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.
13 CVE-2019-3631 77 Exec Code 2019-06-27 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
14 CVE-2019-3630 77 Exec Code 2019-06-27 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
15 CVE-2019-3629 287 Bypass 2019-06-27 2019-10-09
4.3
None Remote Medium Not required None Partial None
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
16 CVE-2019-3628 264 +Priv 2019-06-27 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.
17 CVE-2019-3622 284 2019-07-24 2019-07-25
4.6
None Local Low Not required Partial Partial Partial
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
18 CVE-2019-3621 287 Bypass 2019-07-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.
19 CVE-2019-3619 200 +Info 2019-07-03 2019-07-09
4.0
None Remote Low Single system Partial None None
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
20 CVE-2019-3615 255 2019-03-12 2019-10-09
2.1
None Local Low Not required Partial None None
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.
21 CVE-2019-3610 200 +Info 2019-02-13 2019-10-09
2.1
None Local Low Not required Partial None None
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
22 CVE-2019-3606 200 +Info 2019-03-26 2019-10-09
1.9
None Local Medium Not required Partial None None
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
23 CVE-2019-3604 352 CSRF 2019-02-01 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.
24 CVE-2019-3602 79 XSS 2019-05-15 2019-05-21
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
25 CVE-2019-3599 200 +Info 2019-02-28 2019-10-09
4.3
None Remote Medium Not required Partial None None
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.
26 CVE-2019-3598 119 DoS Overflow 2019-02-28 2019-10-09
5.0
None Remote Low Not required None None Partial
Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.
27 CVE-2019-3597 287 Bypass 2019-03-26 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
28 CVE-2019-3595 77 Exec Code 2019-07-24 2019-10-09
4.4
None Local Medium Not required Partial Partial Partial
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.
29 CVE-2019-3593 264 Bypass 2019-01-28 2019-10-09
5.6
None Local Low Not required None Partial Complete
Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware.
30 CVE-2019-3592 264 2019-07-18 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory.
31 CVE-2019-3591 79 XSS 2019-07-24 2019-07-26
4.3
None Remote Medium Not required None Partial None
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.
32 CVE-2019-3586 254 2019-05-15 2019-05-22
5.1
None Remote High Not required Partial Partial Partial
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.
33 CVE-2019-3582 264 +Priv 2019-02-28 2019-10-09
6.1
None Local Low Not required Partial Complete Partial
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.
34 CVE-2018-10381 732 Exec Code 2018-04-25 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
35 CVE-2018-6757 Exec Code 2018-12-06 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
36 CVE-2018-6756 Exec Code 2018-12-06 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
37 CVE-2018-6755 732 Exec Code 2018-12-06 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
38 CVE-2018-6707 400 DoS Exec Code 2018-12-13 2019-10-09
4.4
None Local Medium Not required Partial Partial Partial
Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.
39 CVE-2018-6706 2018-12-12 2019-10-09
5.0
None Remote Low Not required None Partial None
Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.
40 CVE-2018-6705 Exec Code 2018-12-12 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
41 CVE-2018-6704 Exec Code 2018-12-12 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
42 CVE-2018-6703 416 DoS Exec Code 2018-12-11 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.
43 CVE-2018-6695 2018-10-03 2019-10-09
4.3
None Remote Medium Not required None Partial None
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
44 CVE-2018-6693 367 2018-09-18 2019-10-09
3.3
None Local Medium Not required None Partial Partial
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.
45 CVE-2018-6690 346 Exec Code 2018-09-18 2019-10-09
3.6
None Local Low Not required Partial Partial None
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
46 CVE-2018-6689 287 Bypass 2018-10-03 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.
47 CVE-2018-6687 400 2019-02-21 2019-10-09
4.3
None Remote Medium Not required None None Partial
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
48 CVE-2018-6686 287 Bypass 2018-07-27 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.
49 CVE-2018-6683 276 Bypass 2018-07-23 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
50 CVE-2018-6682 79 XSS 2018-09-24 2019-10-09
4.3
None Remote Medium Not required Partial None None
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
Total number of vulnerabilities : 332   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.