Filtered by vendor Mcafee
Subscribe
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||
CVE-2020-7293 | 1 Mcafee | 1 Web Gateway | 2023-12-10 | 7.7 HIGH | 9.0 CRITICAL |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | |||||
CVE-2019-3597 | 1 Mcafee | 1 Network Security Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | |||||
CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2023-12-10 | 4.3 MEDIUM | 9.6 CRITICAL |
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | |||||
CVE-2018-6703 | 1 Mcafee | 1 Agent | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. | |||||
CVE-2018-6677 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. | |||||
CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | |||||
CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
CVE-2017-3972 | 1 Mcafee | 1 Network Security Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. | |||||
CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | |||||
CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | |||||
CVE-2017-3968 | 1 Mcafee | 2 Network Data Loss Prevention, Network Security Manager | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | |||||
CVE-2017-3962 | 1 Mcafee | 1 Network Security Manager | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | |||||
CVE-2017-4052 | 1 Mcafee | 1 Advanced Threat Defense | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | |||||
CVE-2017-3897 | 1 Mcafee | 2 Livesafe, Security Scan Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | |||||
CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | |||||
CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. |