# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-1258 |
89 |
|
Exec Code Sql |
2022-04-14 |
2022-04-23 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. |
2 |
CVE-2021-31849 |
89 |
|
Sql |
2021-11-01 |
2021-11-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. |
3 |
CVE-2021-31847 |
347 |
|
Exec Code |
2021-09-22 |
2021-09-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. |
4 |
CVE-2021-31845 |
120 |
|
Exec Code Overflow |
2021-09-17 |
2021-10-01 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. |
5 |
CVE-2021-31841 |
426 |
|
Exec Code |
2021-09-22 |
2021-09-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. |
6 |
CVE-2021-31837 |
787 |
|
Exec Code Overflow Mem. Corr. |
2021-06-09 |
2021-06-16 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. |
7 |
CVE-2021-31831 |
552 |
|
|
2021-06-03 |
2021-06-15 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API. |
8 |
CVE-2021-23892 |
59 |
|
|
2021-05-12 |
2022-12-20 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations. |
9 |
CVE-2021-4088 |
89 |
|
Exec Code Sql |
2022-01-24 |
2022-01-31 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. |
10 |
CVE-2020-7332 |
352 |
|
Exec Code CSRF |
2020-11-12 |
2020-11-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. |
11 |
CVE-2020-7329 |
918 |
|
|
2020-11-11 |
2020-11-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. |
12 |
CVE-2020-7328 |
918 |
|
Exec Code |
2020-11-11 |
2020-11-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. |
13 |
CVE-2020-7311 |
269 |
|
|
2020-09-10 |
2022-06-01 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. |
14 |
CVE-2020-7308 |
319 |
|
|
2021-04-15 |
2021-04-27 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. |
15 |
CVE-2020-2604 |
502 |
|
|
2020-01-15 |
2022-10-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
16 |
CVE-2019-9516 |
770 |
|
DoS |
2019-08-13 |
2022-08-05 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. |
17 |
CVE-2019-3661 |
89 |
|
Exec Code Sql |
2019-11-14 |
2019-11-15 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. |
18 |
CVE-2019-3660 |
|
|
Exec Code |
2019-11-13 |
2020-08-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. |
19 |
CVE-2019-3651 |
200 |
|
+Info |
2019-11-13 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. |
20 |
CVE-2019-3646 |
426 |
|
Exec Code |
2019-09-13 |
2019-10-09 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. |
21 |
CVE-2019-3632 |
22 |
|
+Priv Dir. Trav. |
2019-06-27 |
2022-12-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. |
22 |
CVE-2019-3631 |
78 |
|
Exec Code |
2019-06-27 |
2022-12-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. |
23 |
CVE-2019-3630 |
78 |
|
Exec Code |
2019-06-27 |
2022-12-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. |
24 |
CVE-2019-3628 |
|
|
+Priv |
2019-06-27 |
2020-08-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. |
25 |
CVE-2019-3617 |
269 |
|
+Priv |
2020-06-10 |
2020-06-16 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. |
26 |
CVE-2019-3604 |
352 |
|
CSRF |
2019-02-01 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. |
27 |
CVE-2019-3588 |
269 |
|
|
2020-06-10 |
2021-10-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. |
28 |
CVE-2019-3582 |
|
|
+Priv |
2019-02-28 |
2020-08-24 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Complete |
Partial |
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. |
29 |
CVE-2018-6700 |
426 |
|
Exec Code |
2018-09-24 |
2023-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. |
30 |
CVE-2018-6678 |
|
|
Exec Code |
2018-07-23 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. |
31 |
CVE-2017-4057 |
|
|
+Priv |
2017-07-12 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. |
32 |
CVE-2017-4054 |
77 |
|
Exec Code |
2017-07-12 |
2017-07-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. |
33 |
CVE-2017-4014 |
384 |
|
|
2017-05-17 |
2017-07-08 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request. |
34 |
CVE-2017-3980 |
22 |
|
Exec Code Dir. Trav. |
2017-05-18 |
2019-02-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. |
35 |
CVE-2017-3968 |
384 |
|
|
2018-06-13 |
2019-10-09 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. |
36 |
CVE-2017-3966 |
613 |
|
|
2018-04-04 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. |
37 |
CVE-2017-3965 |
352 |
|
CSRF |
2018-04-04 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. |
38 |
CVE-2017-3960 |
|
|
+Priv |
2018-06-12 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. |
39 |
CVE-2016-8025 |
89 |
|
Sql +Info |
2017-03-14 |
2017-09-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. |
40 |
CVE-2016-8024 |
113 |
|
+Info |
2017-03-14 |
2017-09-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. |
41 |
CVE-2016-8023 |
287 |
|
Bypass |
2017-03-14 |
2017-09-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. |
42 |
CVE-2016-8020 |
94 |
|
Exec Code |
2017-03-14 |
2017-09-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. |
43 |
CVE-2016-8018 |
352 |
|
Exec Code CSRF |
2017-03-14 |
2017-09-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. |
44 |
CVE-2016-4472 |
119 |
|
DoS Exec Code Overflow |
2016-06-30 |
2022-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. |
45 |
CVE-2016-2199 |
352 |
|
CSRF |
2016-02-01 |
2016-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. |
46 |
CVE-2016-1840 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-05-20 |
2019-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
47 |
CVE-2015-8993 |
264 |
|
|
2017-03-14 |
2017-03-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
48 |
CVE-2015-8992 |
264 |
|
|
2017-03-14 |
2017-03-23 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
49 |
CVE-2015-8991 |
264 |
|
|
2017-03-14 |
2017-03-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
50 |
CVE-2015-8988 |
77 |
|
Exec Code |
2017-03-14 |
2017-03-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. |