Filtered by vendor Mcafee
Subscriptions
Total
605 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8533 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | ||||
CVE-2015-3987 | 1 Mcafee | 1 Epo Deep Command | 2025-04-12 | N/A |
Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors. | ||||
CVE-2014-2535 | 1 Mcafee | 1 Web Gateway | 2025-04-12 | N/A |
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. | ||||
CVE-2015-8577 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-12 | N/A |
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | ||||
CVE-2014-8536 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | ||||
CVE-2014-8532 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting. | ||||
CVE-2015-4559 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-8765 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2025-04-12 | N/A |
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | ||||
CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | N/A |
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | ||||
CVE-2015-3029 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | N/A |
The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
CVE-2015-7612 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-12 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | ||||
CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | N/A |
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2014-8531 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
CVE-2015-8024 | 1 Mcafee | 1 Mcafee Enterprise Security Manager | 2025-04-12 | N/A |
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password. | ||||
CVE-2015-3030 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | N/A |
The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | ||||
CVE-2014-8523 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2016-2199 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-12 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | ||||
CVE-2014-8524 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2016-4535 | 1 Mcafee | 1 Livesafe | 2025-04-12 | N/A |
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. |