Filtered by vendor Mcafee
Subscriptions
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4883 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. | ||||
| CVE-2008-1357 | 1 Mcafee | 4 Agent, Cma, Epolicy Orchestrator and 1 more | 2025-04-09 | N/A |
| Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. | ||||
| CVE-2008-0127 | 1 Mcafee | 1 E-business Server | 2025-04-09 | N/A |
| The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. | ||||
| CVE-2007-2957 | 1 Mcafee | 1 E-business Server | 2025-04-09 | N/A |
| Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | ||||
| CVE-2007-2152 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-09 | N/A |
| Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. | ||||
| CVE-2007-2151 | 1 Mcafee | 1 E-business Server | 2025-04-09 | N/A |
| The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read. | ||||
| CVE-2007-1538 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-09 | N/A |
| McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product | ||||
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2025-04-09 | N/A |
| McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | ||||
| CVE-2007-2584 | 1 Mcafee | 3 Security Center, Securitycenter Agent, Virusscan | 2025-04-09 | N/A |
| Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. | ||||
| CVE-2006-6474 | 1 Mcafee | 1 Virusscan | 2025-04-09 | N/A |
| Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. | ||||
| CVE-2006-5417 | 1 Mcafee | 4 Internet Security Suite, Network Agent, Personal Firewall Plus and 1 more | 2025-04-09 | N/A |
| McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2429 | 1 Mcafee | 1 Smartfilter | 2025-04-09 | N/A |
| SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5274 | 1 Mcafee | 3 Common Management Agent, Epolicy Orchestrator, Protectionpilot | 2025-04-09 | N/A |
| Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-5273 | 1 Mcafee | 3 Common Management Agent, E-business Server, Protectionpilot | 2025-04-09 | N/A |
| Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2007-1498 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | ||||
| CVE-2006-5272 | 1 Mcafee | 3 Common Management Agent, E-business Server, Protectionpilot | 2025-04-09 | N/A |
| Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet. | ||||
| CVE-2006-5271 | 1 Mcafee | 2 E-business Server, Protectionpilot | 2025-04-09 | N/A |
| Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption. | ||||
| CVE-2009-1348 | 1 Mcafee | 13 Active Virus Defense, Active Virusscan, Email Gateway and 10 more | 2025-04-09 | N/A |
| The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. | ||||
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2025-04-09 | N/A |
| Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | ||||
| CVE-2006-6707 | 1 Mcafee | 2 Neotrace, Visual Trace | 2025-04-09 | N/A |
| Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||