Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 8.1 High |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | ||||
| CVE-2019-3641 | 1 Mcafee | 1 Threat Intelligence Exchange Server | 2024-08-04 | 4.5 Medium |
| Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | ||||
| CVE-2019-3633 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-08-04 | 5.5 Medium |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | ||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-08-04 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3653 | 1 Mcafee | 1 Endpoint Security | 2024-08-04 | 4.6 Medium |
| Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. | ||||
| CVE-2019-3635 | 1 Mcafee | 1 Web Gateway | 2024-08-04 | 6.5 Medium |
| Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe. | ||||
| CVE-2019-3606 | 1 Mcafee | 1 Network Security Manager | 2024-08-04 | N/A |
| Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | ||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 8.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | ||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-08-04 | 8 High |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | ||||
| CVE-2019-3619 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-04 | N/A |
| Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. | ||||
| CVE-2019-3667 | 1 Mcafee | 1 Techcheck | 2024-08-04 | 6.6 Medium |
| DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | ||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-08-04 | 8.2 High |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | ||||
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 6.5 Medium |
| Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | ||||
| CVE-2019-3649 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 5.3 Medium |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | ||||
| CVE-2019-3650 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 5.3 Medium |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. | ||||
| CVE-2019-3660 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 8.4 High |
| Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | ||||
| CVE-2019-3615 | 1 Mcafee | 1 Database Security | 2024-08-04 | N/A |
| Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen. | ||||
| CVE-2019-3604 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-04 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | ||||
| CVE-2019-3587 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-08-04 | N/A |
| DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder. | ||||
| CVE-2019-3597 | 1 Mcafee | 1 Network Security Manager | 2024-08-04 | N/A |
| Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | ||||