Vulnerabilities (CVE)

Filtered by vendor Mcafee Subscribe
Total 599 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25134 1 Mcafee 1 Total Protection 2023-03-27 N/A 6.7 MEDIUM
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
CVE-2019-16168 8 Canonical, Debian, Fedoraproject and 5 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2023-03-23 4.3 MEDIUM 6.5 MEDIUM
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2023-24578 1 Mcafee 1 Total Protection 2023-03-22 N/A 5.5 MEDIUM
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks.
CVE-2023-24577 1 Mcafee 1 Total Protection 2023-03-22 N/A 5.5 MEDIUM
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks.
CVE-2023-24579 1 Mcafee 1 Total Protection 2023-03-22 N/A 5.5 MEDIUM
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
CVE-2023-0978 2 Mcafee, Trellix 2 Advanced Threat Defense, Intelligent Sandbox 2023-03-17 N/A 6.7 MEDIUM
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
CVE-2018-6661 2 Mcafee, Microsoft 2 True Key, Windows 2023-03-04 6.8 MEDIUM 7.8 HIGH
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
CVE-2018-6683 2 Mcafee, Microsoft 2 Data Loss Prevention Endpoint, Windows 2023-03-04 4.6 MEDIUM 7.4 HIGH
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
CVE-2018-6681 1 Mcafee 1 Network Security Manager 2023-03-04 3.5 LOW 5.4 MEDIUM
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
CVE-2018-6682 1 Mcafee 1 True Key 2023-03-04 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting Exposure in McAfee True Key (TK) and earlier allows local users to expose confidential data via a crafted web site.
CVE-2019-3629 1 Mcafee 1 Enterprise Security Manager 2023-03-04 4.3 MEDIUM 6.5 MEDIUM
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
CVE-2018-6662 2 Apple, Mcafee 2 Mac Os X, Management Of Native Encryption 2023-03-03 7.2 HIGH 7.8 HIGH
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.
CVE-2019-3628 1 Mcafee 1 Enterprise Security Manager 2023-03-03 6.5 MEDIUM 8.8 HIGH
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.
CVE-2018-6678 1 Mcafee 1 Mcafee Web Gateway 2023-03-03 6.5 MEDIUM 9.1 CRITICAL
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
CVE-2019-3613 1 Mcafee 1 Agent 2023-03-03 4.4 MEDIUM 7.3 HIGH
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.
CVE-2021-3450 9 Fedoraproject, Freebsd, Mcafee and 6 more 34 Fedora, Freebsd, Web Gateway and 31 more 2023-02-28 5.8 MEDIUM 7.4 HIGH
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
CVE-2021-31843 1 Mcafee 1 Endpoint Security 2023-02-16 4.6 MEDIUM 7.8 HIGH
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
CVE-2016-4447 8 Apple, Canonical, Debian and 5 more 12 Iphone Os, Itunes, Mac Os X and 9 more 2023-02-12 5.0 MEDIUM 7.5 HIGH
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-4472 4 Canonical, Libexpat Project, Mcafee and 1 more 4 Ubuntu Linux, Libexpat, Policy Auditor and 1 more 2023-02-12 6.8 MEDIUM 8.1 HIGH
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-4448 9 Apple, Hp, Mcafee and 6 more 21 Icloud, Iphone Os, Itunes and 18 more 2023-02-12 10.0 HIGH 9.8 CRITICAL
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.