VIR Vulnerability Intelligence Relay

Search

Found 29 results in 324ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-3898 medium 5.9 6.9 EXP mcafee 9y ago A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registr…
CVE-2017-3897 critical 9.8 10.0 EXP mcafee 9y ago A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 all…
CVE-2017-1000366 high 7.8 8.8 EXPFIX slesarch archdebian debian openstackgnumcafee 9y ago glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note…
CVE-2016-8025 medium 6.2 7.2 EXP mcafee 9y ago SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete…
CVE-2016-8024 high 8.1 9.1 EXP mcafee 9y ago Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit…
CVE-2016-8023 high 8.1 9.1 EXP mcafee 9y ago Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic…
CVE-2016-8022 high 7.5 8.5 EXP mcafee 9y ago Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den…
CVE-2016-8021 medium 5.0 6.0 EXP mcafee 9y ago Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe…
CVE-2016-8020 high 8.0 9.0 EXP mcafee 9y ago Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted …
CVE-2016-8019 medium 6.1 7.1 EXP mcafee 9y ago Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o…
CVE-2016-8018 medium 4.3 5.3 EXP mcafee 9y ago Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr…
CVE-2016-8017 medium 4.1 5.1 EXP mcafee 9y ago Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user…
CVE-2016-1839 medium 5.5 6.5 EXPFIX slesdebian debian rhel mcafeexmlsoft 10y ago The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o…
CVE-2016-1838 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu mcafeexmlsoft 10y ago The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to…
CVE-2016-4535 high 7.5 8.5 EXP mcafee 10y ago Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed exe…
CVE-2016-3984 medium 5.1 6.1 EXP mcafee 10y ago The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,…
CVE-2015-1305 medium 7.9 EXP windows windows mcafee 12y ago McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 …
CVE-2015-0922 medium 6.0 EXP mcafee 12y ago McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by …
CVE-2015-0921 medium 5.0 EXP mcafee 12y ago XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the…
CVE-2014-2588 medium 5.0 EXP mcafee 12y ago Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
CVE-2014-2587 medium 7.5 EXP mcafee 12y ago SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka us…
CVE-2014-2586 medium 5.3 EXP mcafee 12y ago Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
CVE-2013-5094 medium 5.3 EXP mcafee 13y ago Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
CVE-2013-4884 medium 5.3 EXP mcafee 13y ago Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly…
CVE-2013-4883 medium 5.3 EXP mcafee 13y ago Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject…
CVE-2013-4882 medium 7.5 EXP mcafee 13y ago Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated use…
CVE-2013-0140 high 8.9 EXP mcafee 13y ago SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a cra…
CVE-2012-5879 high 9.2 EXP mcafee 13y ago An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument …
CVE-2012-4598 critical 10.0 EXP mcafee 14y ago An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via…