Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7326 | 1 Mcafee | 1 Active Response | 2024-09-16 | 6 Medium |
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | ||||
CVE-2015-3030 | 1 Mcafee | 1 Advanced Threat Defense | 2024-09-16 | N/A |
The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | ||||
CVE-2012-1430 | 8 Aladdin, Bitdefender, Comodo and 5 more | 9 Esafe, Bitdefender, Comodo Antivirus and 6 more | 2024-09-16 | N/A |
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
CVE-2017-3969 | 1 Mcafee | 1 Network Security Manager | 2024-09-16 | N/A |
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. | ||||
CVE-2013-3627 | 1 Mcafee | 1 Agent | 2024-09-16 | N/A |
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request. | ||||
CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2024-09-16 | N/A |
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2020-7287 | 2 Linux, Mcafee | 2 Linux Kernel, Endpoint Detection And Response | 2024-09-16 | 7.8 High |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2024-09-16 | 7.8 High |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
CVE-2015-3029 | 1 Mcafee | 1 Advanced Threat Defense | 2024-09-16 | N/A |
The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
CVE-2020-7333 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 4.8 Medium |
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | ||||
CVE-2012-2212 | 1 Mcafee | 1 Web Gateway | 2024-09-16 | N/A |
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers | ||||
CVE-2021-23878 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 7.3 High |
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine | ||||
CVE-2020-7320 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.7 Medium |
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | ||||
CVE-2020-7299 | 1 Mcafee | 1 True Key | 2024-09-16 | 5 Medium |
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations. | ||||
CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 8.8 High |
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
CVE-2019-3738 | 3 Dell, Mcafee, Oracle | 16 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 13 more | 2024-09-16 | 6.5 Medium |
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. | ||||
CVE-2019-3613 | 1 Mcafee | 1 Agent | 2024-09-16 | 5.9 Medium |
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. | ||||
CVE-2005-1107 | 1 Mcafee | 1 Internet Security Suite | 2024-09-16 | N/A |
McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. | ||||
CVE-2010-2116 | 1 Mcafee | 2 Email Gateway, Secure Mail | 2024-09-16 | N/A |
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | ||||
CVE-2014-8534 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. |