Filtered by vendor Mcafee
Subscribe
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2188 | 1 Mcafee | 1 Intrushield Security Management System | 2016-10-18 | 7.5 HIGH | N/A |
| McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | |||||
| CVE-2005-2187 | 1 Mcafee | 1 Intrushield Security Management System | 2016-10-18 | 4.6 MEDIUM | N/A |
| McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | |||||
| CVE-2005-2186 | 1 Mcafee | 1 Intrushield Security Management System | 2016-10-18 | 1.9 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. | |||||
| CVE-2000-0119 | 2 Mcafee, Symantec | 2 Virusscan, Norton Antivirus | 2016-10-18 | 7.2 HIGH | N/A |
| The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | |||||
| CVE-2015-8577 | 1 Mcafee | 1 Virusscan Enterprise | 2016-05-26 | 2.6 LOW | N/A |
| The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | |||||
| CVE-2016-3969 | 1 Mcafee | 1 Email Gateway | 2016-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. | |||||
| CVE-2016-3984 | 1 Mcafee | 7 Active Response, Agent, Data Exchange Layer and 4 more | 2016-05-18 | 3.6 LOW | 5.1 MEDIUM |
| The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. | |||||
| CVE-2016-4535 | 1 Mcafee | 1 Livesafe | 2016-05-10 | 7.8 HIGH | 7.5 HIGH |
| Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. | |||||
| CVE-2016-3983 | 1 Mcafee | 1 Advanced Threat Defense | 2016-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | |||||
| CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2016-03-04 | 8.5 HIGH | 9.1 CRITICAL |
| McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | |||||
| CVE-2016-2199 | 1 Mcafee | 1 Vulnerability Manager | 2016-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | |||||
| CVE-2015-8773 | 1 Mcafee | 1 File Lock | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
| Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call. | |||||
| CVE-2016-1715 | 2 Mcafee, Microsoft | 2 Application Control, Windows | 2016-01-21 | 5.5 MEDIUM | 6.6 MEDIUM |
| The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. | |||||
| CVE-2015-7612 | 1 Mcafee | 1 Vulnerability Manager | 2015-10-02 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | |||||
| CVE-2015-7238 | 1 Mcafee | 1 Threat Intelligence Exchange | 2015-09-22 | 2.1 LOW | N/A |
| The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | |||||
| CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2015-09-22 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3030 | 1 Mcafee | 1 Advanced Threat Defense | 2015-04-09 | 4.0 MEDIUM | N/A |
| The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | |||||
| CVE-2015-3029 | 1 Mcafee | 1 Advanced Threat Defense | 2015-04-09 | 4.0 MEDIUM | N/A |
| The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3028 | 1 Mcafee | 1 Advanced Threat Defense | 2015-04-09 | 5.5 MEDIUM | N/A |
| McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | |||||
| CVE-2015-1619 | 1 Mcafee | 1 Email Gateway | 2015-02-18 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. | |||||