Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mcafee Subscribe
Filtered by product Epolicy Orchestrator
Total 86 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0095 1 Mcafee 1 Epolicy Orchestrator 2023-12-10 5.0 MEDIUM N/A
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
CVE-2002-0690 1 Mcafee 1 Epolicy Orchestrator 2023-12-10 10.0 HIGH N/A
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
CVE-2003-0149 1 Mcafee 1 Epolicy Orchestrator 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.
CVE-2004-0038 1 Mcafee 1 Epolicy Orchestrator 2023-12-10 7.5 HIGH N/A
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
CVE-2003-0610 1 Mcafee 1 Epolicy Orchestrator 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
CVE-2003-0148 1 Mcafee 1 Epolicy Orchestrator 2023-12-10 7.2 HIGH N/A
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.