Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2759 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-08-06 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | ||||
CVE-2015-2757 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-08-06 | N/A |
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | ||||
CVE-2015-2760 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-2053 | 1 Mcafee | 1 Mcafee Agent | 2024-08-06 | N/A |
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. | ||||
CVE-2015-1305 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows Xp | 2024-08-06 | N/A |
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | ||||
CVE-2015-0921 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. | ||||
CVE-2015-0922 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. | ||||
CVE-2016-8031 | 1 Mcafee | 1 Anti-malware Scan Engine | 2024-08-06 | 7.3 High |
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | ||||
CVE-2016-8030 | 1 Mcafee | 1 Virusscan Enterprise | 2024-08-06 | N/A |
A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. | ||||
CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2024-08-06 | N/A |
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||||
CVE-2016-8023 | 1 Mcafee | 1 Virusscan Enterprise | 2024-08-06 | N/A |
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. | ||||
CVE-2016-8032 | 1 Mcafee | 1 Anti-malware Scan Engine | 2024-08-06 | N/A |
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | ||||
CVE-2016-8010 | 1 Mcafee | 2 Application Control, Endpoint Security | 2024-08-06 | N/A |
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. | ||||
CVE-2016-8012 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-08-06 | N/A |
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | ||||
CVE-2016-8017 | 1 Mcafee | 1 Virusscan Enterprise | 2024-08-06 | N/A |
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. | ||||
CVE-2016-8009 | 1 Mcafee | 1 Application Control | 2024-08-06 | N/A |
Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call. | ||||
CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2024-08-06 | N/A |
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | ||||
CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | ||||
CVE-2016-8018 | 1 Mcafee | 1 Virusscan Enterprise | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. | ||||
CVE-2016-8026 | 1 Mcafee | 1 Security Scan Plus | 2024-08-06 | N/A |
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. |