Filtered by vendor Mcafee
Subscriptions
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2025-04-12 | N/A |
| Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. | ||||
| CVE-2014-2535 | 1 Mcafee | 1 Web Gateway | 2025-04-12 | N/A |
| Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. | ||||
| CVE-2015-8577 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-12 | N/A |
| The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | ||||
| CVE-2014-8529 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-2205 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
| The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-2390 | 1 Mcafee | 1 Network Security Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors. | ||||
| CVE-2014-8536 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | ||||
| CVE-2015-7238 | 1 Mcafee | 1 Threat Intelligence Exchange | 2025-04-12 | N/A |
| The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2014-2586 | 1 Mcafee | 1 Cloud Single Sign On | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password. | ||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | ||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | ||||
| CVE-2014-8526 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | ||||
| CVE-2014-8519 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. | ||||
| CVE-2014-8520 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. | ||||
| CVE-2014-8521 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8522 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2014-8523 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-1473 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." | ||||
| CVE-2014-1472 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-7104 | 1 Mcafee | 1 Email Gateway | 2025-04-11 | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | ||||