Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-09-16 | N/A |
| Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | ||||
| CVE-2017-3898 | 1 Mcafee | 1 Livesafe | 2024-09-16 | N/A |
| A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | ||||
| CVE-2010-3496 | 1 Mcafee | 1 Virusscan Enterprise | 2024-09-16 | N/A |
| McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. | ||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 3.9 Low |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | ||||
| CVE-2010-5166 | 2 Mcafee, Microsoft | 2 Total Protection 2010, Windows Xp | 2024-09-16 | N/A |
| Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
| CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 4.7 Medium |
| Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | ||||
| CVE-2014-8535 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. | ||||
| CVE-2021-23882 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.2 High |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade. | ||||
| CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-09-16 | 6 Medium |
| DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | ||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.4 High |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | ||||
| CVE-2020-7254 | 1 Mcafee | 1 Advanced Threat Defense | 2024-09-16 | 7.7 High |
| Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | ||||
| CVE-2019-3588 | 1 Mcafee | 1 Virusscan Enterprise | 2024-09-16 | 6.3 Medium |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. | ||||
| CVE-2020-7279 | 1 Mcafee | 1 Host Intrusion Prevention | 2024-09-16 | 4.6 Medium |
| DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. | ||||
| CVE-2021-3712 | 8 Debian, Mcafee, Netapp and 5 more | 36 Debian Linux, Epolicy Orchestrator, Clustered Data Ontap and 33 more | 2024-09-16 | 7.4 High |
| ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). | ||||
| CVE-2015-7612 | 1 Mcafee | 1 Vulnerability Manager | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | ||||
| CVE-2012-4588 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2024-09-16 | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. | ||||
| CVE-2017-3934 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
| Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver. | ||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.1 Medium |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | ||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 7.4 High |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | ||||