Filtered by vendor Mcafee
Subscribe
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8019 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. | |||||
| CVE-2016-8018 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.0 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. | |||||
| CVE-2016-8017 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 4.0 MEDIUM | 4.1 MEDIUM |
| Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. | |||||
| CVE-2016-8016 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 3.5 LOW | 3.4 LOW |
| Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | |||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | |||||
| CVE-2014-1473 | 1 Mcafee | 1 Vulnerability Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." | |||||
| CVE-2014-1472 | 1 Mcafee | 1 Vulnerability Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7104 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 9.0 HIGH | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | |||||
| CVE-2013-7103 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 9.0 HIGH | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | |||||
| CVE-2013-7092 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. | |||||
| CVE-2013-4884 | 1 Mcafee | 1 Superscan | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report. | |||||
| CVE-2012-4597 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | |||||
| CVE-2012-4595 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2017-08-29 | 7.5 HIGH | N/A |
| McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. | |||||
| CVE-2012-4594 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-08-29 | 4.0 MEDIUM | N/A |
| McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | |||||
| CVE-2012-4592 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | |||||
| CVE-2012-4590 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. | |||||
| CVE-2012-4589 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 2.1 LOW | N/A |
| Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2012-4587 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2017-08-29 | 3.5 LOW | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. | |||||