Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-4057 | 1 Mcafee | 1 Advanced Threat Defense | 2024-09-17 | N/A |
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. | ||||
CVE-2010-5143 | 1 Mcafee | 1 Virusscan Enterprise | 2024-09-17 | N/A |
McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. | ||||
CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.8 Medium |
Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | ||||
CVE-2020-7275 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 4.8 Medium |
Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | ||||
CVE-2014-8530 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-17 | N/A |
Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins. | ||||
CVE-2020-7327 | 1 Mcafee | 1 Mvision Endpoint Detection And Response | 2024-09-17 | 6 Medium |
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | ||||
CVE-2014-8532 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting. | ||||
CVE-2014-8527 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password." | ||||
CVE-2014-8526 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | ||||
CVE-2015-1619 | 1 Mcafee | 1 Email Gateway | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. | ||||
CVE-2012-4586 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2024-09-16 | N/A |
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. | ||||
CVE-2020-7324 | 1 Mcafee | 1 Mvision Endpoint | 2024-09-16 | 6.1 Medium |
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | ||||
CVE-2017-3961 | 1 Mcafee | 1 Network Security Manager | 2024-09-16 | N/A |
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | ||||
CVE-2020-7263 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.5 Medium |
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | ||||
CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Dna Center, Linux Kernel and 2 more | 2024-09-16 | 8.8 High |
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | ||||
CVE-2020-7334 | 1 Mcafee | 1 Application And Change Control | 2024-09-16 | 7.7 High |
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. | ||||
CVE-2021-23880 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.7 Medium |
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | ||||
CVE-2015-1618 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-09-16 | N/A |
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | ||||
CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2024-09-16 | N/A |
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | ||||
CVE-2014-8524 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors. |