Filtered by vendor Mcafee
Subscriptions
Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.6 Medium |
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | ||||
CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2024-09-16 | 3.9 Low |
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | ||||
CVE-2020-7280 | 1 Mcafee | 1 Virusscan Enterprise | 2024-09-16 | 7.8 High |
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. | ||||
CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2024-09-16 | N/A |
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | ||||
CVE-2017-3935 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-16 | N/A |
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type. | ||||
CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2024-09-16 | N/A |
The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | ||||
CVE-2019-3585 | 1 Mcafee | 1 Virusscan Enterprise | 2024-09-16 | 7 High |
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | ||||
CVE-2017-3965 | 1 Mcafee | 1 Network Security Manager | 2024-09-16 | N/A |
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | ||||
CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.7 Medium |
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | ||||
CVE-2018-6659 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-09-16 | N/A |
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | ||||
CVE-2017-4052 | 1 Mcafee | 1 Advanced Threat Defense | 2024-09-16 | N/A |
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | ||||
CVE-2018-6662 | 2 Apple, Mcafee | 2 Mac Os X, Management Of Native Encryption | 2024-09-16 | 7.8 High |
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | ||||
CVE-2000-1128 | 1 Mcafee | 1 Virusscan | 2024-08-08 | N/A |
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory. | ||||
CVE-2000-0502 | 1 Mcafee | 1 Virusscan | 2024-08-08 | N/A |
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion. | ||||
CVE-2000-0119 | 2 Mcafee, Symantec | 2 Virusscan, Norton Antivirus | 2024-08-08 | N/A |
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | ||||
CVE-2001-1456 | 4 Mcafee, Network Associates, Pgp and 1 more | 5 Webshield Smtp, Gauntlet Firewall, Mcafee E-ppliance and 2 more | 2024-08-08 | N/A |
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. | ||||
CVE-2001-1144 | 1 Mcafee | 1 Asap Virusscan | 2024-08-08 | N/A |
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. | ||||
CVE-2001-0612 | 1 Mcafee | 1 Remote Desktop 32 | 2024-08-08 | N/A |
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. | ||||
CVE-2002-2282 | 1 Mcafee | 1 Virusscan | 2024-08-08 | N/A |
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs. | ||||
CVE-2002-0690 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-08 | N/A |
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. |