Filtered by vendor Mcafee
Subscriptions
Total
605 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | N/A |
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2014-8523 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2014-2535 | 1 Mcafee | 1 Web Gateway | 2025-04-12 | N/A |
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. | ||||
CVE-2014-8536 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | ||||
CVE-2016-3983 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | N/A |
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | ||||
CVE-2015-2757 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | ||||
CVE-2014-8520 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. | ||||
CVE-2014-8518 | 1 Mcafee | 2 Endpoint Encryption For Files And Folders, File And Removable Media Protection | 2025-04-12 | N/A |
The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack. | ||||
CVE-2015-1616 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2015-3028 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | N/A |
McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | ||||
CVE-2015-7238 | 1 Mcafee | 1 Threat Intelligence Exchange | 2025-04-12 | N/A |
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | ||||
CVE-2014-8530 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins. | ||||
CVE-2012-4595 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | N/A |
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. | ||||
CVE-2012-4592 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | N/A |
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2012-4598 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2025-04-11 | N/A |
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. | ||||
CVE-2012-4590 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. | ||||
CVE-2012-4589 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | N/A |
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
CVE-2009-5116 | 1 Mcafee | 1 Linuxshield | 2025-04-11 | N/A |
McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. | ||||
CVE-2011-3006 | 1 Mcafee | 1 Saas Endpoint Protection | 2025-04-11 | N/A |
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks. | ||||
CVE-2013-4883 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. |