VIR Vulnerability Intelligence Relay

Search

Found 152 results in 27ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-16168 medium 6.5 6.5 FIX rocky slesdebian debian sqlitenetapptenable 5y ago RHSA-2021:1968: mingw packages security and bug fix update (Moderate)
CVE-2017-3934 medium 5.9 5.9 mcafee 9y ago Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data…
CVE-2017-3933 medium 5.4 5.4 mcafee 9y ago Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request fo…
CVE-2017-3898 medium 5.9 6.9 EXP mcafee 9y ago A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registr…
CVE-2017-3897 critical 9.8 10.0 EXP mcafee 9y ago A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 all…
CVE-2017-4053 critical 9.8 9.8 mcafee 9y ago Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their c…
CVE-2017-4052 critical 9.8 9.8 mcafee 9y ago Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any con…
CVE-2017-3948 medium 5.4 5.4 mcafee 9y ago Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecti…
CVE-2017-9287 medium 6.5 6.5 FIX arch arch slesdebian debian openldapmcafeeoracle 9y ago servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged …
CVE-2017-4017 medium 5.3 5.3 mcafee 9y ago User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.
CVE-2017-4016 medium 5.3 5.3 mcafee 9y ago Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.
CVE-2017-4015 medium 4.5 4.5 mcafee 9y ago Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.
CVE-2017-4013 medium 5.3 5.3 mcafee 9y ago Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.
CVE-2017-4012 medium 6.5 6.5 mcafee 9y ago Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP re…
CVE-2017-4011 medium 6.1 6.1 mcafee 9y ago Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of th…
CVE-2016-8030 medium 4.3 4.3 mcafee 9y ago A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer…
CVE-2017-3899 medium 6.5 6.5 mcafee 9y ago SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request paramete…
CVE-2016-8027 critical 10.0 10.0 mcafee 9y ago SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in dis…
CVE-2016-8025 medium 6.2 7.2 EXP mcafee 9y ago SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete…
CVE-2016-8021 medium 5.0 6.0 EXP mcafee 9y ago Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe…
CVE-2016-8019 medium 6.1 7.1 EXP mcafee 9y ago Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o…
CVE-2016-8018 medium 4.3 5.3 EXP mcafee 9y ago Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr…
CVE-2016-8017 medium 4.1 5.1 EXP mcafee 9y ago Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user…
CVE-2016-8016 low 3.4 4.4 EXP mcafee 9y ago Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR…
CVE-2016-8007 medium 6.3 6.3 mcafee 9y ago Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific condi…
CVE-2016-8005 medium 6.5 6.5 mcafee 9y ago File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a for…
CVE-2015-8987 medium 5.3 5.3 mcafee 9y ago Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possi…
CVE-2015-8986 medium 5.5 5.5 mcafee 9y ago Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, t…
CVE-2014-9921 critical 9.8 9.8 mcafee 9y ago Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, …
CVE-2014-9920 medium 5.9 5.9 mcafee 9y ago Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 befor…
CVE-2013-7461 medium 5.5 5.5 mcafee 9y ago A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write…
CVE-2013-7460 medium 5.5 5.5 mcafee 9y ago A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part …
CVE-2017-3902 medium 5.4 5.4 mcafee 9y ago Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing …
CVE-2017-3896 medium 5.9 5.9 mcafee 9y ago Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters v…
CVE-2016-8006 medium 4.4 4.4 mcafee 10y ago Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an adminis…
CVE-2016-4448 critical 9.8 9.8 FIX slesdebian debian rhel hpxmlsoftapple 10y ago Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-0718 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu mozillasuselibexpat_project 10y ago Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-1839 medium 5.5 6.5 EXPFIX slesdebian debian rhel mcafeexmlsoft 10y ago The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o…
CVE-2016-1838 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu mcafeexmlsoft 10y ago The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to…
CVE-2016-1837 medium 5.5 5.5 FIX debian debianubuntu ubuntumacos macos mcafeexmlsoft 10y ago Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS …
CVE-2016-1836 medium 5.5 5.5 FIX debian debianubuntu ubuntumacos macos xmlsoftmcafee 10y ago Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows…
CVE-2016-1833 medium 5.5 5.5 FIX debian debianubuntu ubuntumacos macos xmlsoftmcafee 10y ago The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of…
CVE-2016-4534 low 3.0 4.0 EXP mcafee 10y ago The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and…
CVE-2016-3984 medium 5.1 6.1 EXP mcafee 10y ago The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,…
CVE-2016-3969 medium 6.1 6.1 mcafee 10y ago Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject…
CVE-2015-8772 critical 9.1 9.1 mcafee 11y ago McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large …
CVE-2016-1715 medium 6.6 6.6 mcafee 11y ago The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Win…
CVE-2015-8577 low 2.6 mcafee 11y ago The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platform…
CVE-2015-8024 critical 9.3 mcafee 11y ago McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x b…
CVE-2015-7612 medium 6.8 mcafee 11y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the…
CVE-2015-7310 medium 6.5 mcafee 11y ago McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before …
CVE-2015-7238 low 2.1 mcafee 11y ago The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sen…
CVE-2015-7237 medium 5.0 mcafee 11y ago Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-2859 medium 5.8 mcafee 11y ago Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows m…
CVE-2015-4559 medium 4.3 mcafee 11y ago Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbi…
CVE-2015-3030 medium 4.0 mcafee 11y ago The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors.
CVE-2015-3029 medium 4.0 mcafee 11y ago The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified v…
CVE-2015-3028 medium 5.5 mcafee 11y ago McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters.
CVE-2015-2760 low 3.5 mcafee 11y ago Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbit…
CVE-2015-2759 medium 6.8 mcafee 11y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijac…
CVE-2015-2758 medium 6.5 mcafee 11y ago The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or po…
CVE-2015-2757 medium 4.0 mcafee 11y ago The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corr…
CVE-2015-2053 medium 4.3 mcafee 11y ago The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks …
CVE-2015-1619 low 3.5 mcafee 12y ago Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allo…
CVE-2015-1618 medium 4.0 mcafee 12y ago The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.
CVE-2015-1617 low 3.5 mcafee 12y ago Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML vi…
CVE-2015-1616 medium 6.5 mcafee 12y ago SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified …
CVE-2015-1305 medium 7.9 EXP windows windows mcafee 12y ago McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 …
CVE-2015-0922 medium 6.0 EXP mcafee 12y ago McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by …
CVE-2015-0921 medium 5.0 EXP mcafee 12y ago XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the…
CVE-2014-8537 low 2.1 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.
CVE-2014-8536 low 2.1 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.
CVE-2014-8535 medium 4.6 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors.
CVE-2014-8534 low 2.1 mcafee 12y ago Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.
CVE-2014-8532 low 3.6 mcafee 12y ago Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to parti…
CVE-2014-8531 medium 6.5 mcafee 12y ago The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified…
CVE-2014-8529 low 2.1 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2014-8528 low 2.1 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log.
CVE-2014-8527 low 3.6 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password."
CVE-2014-8526 low 2.1 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.
CVE-2014-8525 medium 5.0 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentiall…
CVE-2014-8524 medium 5.0 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via un…
CVE-2014-8523 medium 6.8 mcafee 12y ago Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vector…
CVE-2014-8521 low 3.5 mcafee 12y ago Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8520 medium 5.0 mcafee 12y ago McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports.
CVE-2014-8519 low 2.1 mcafee 12y ago Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors.
CVE-2014-8518 low 2.1 mcafee 12y ago The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, an…
CVE-2014-6064 medium 4.0 mcafee 12y ago The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspe…
CVE-2014-2390 medium 6.8 mcafee 12y ago Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before…
CVE-2014-2588 medium 5.0 EXP mcafee 12y ago Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
CVE-2014-2587 medium 7.5 EXP mcafee 12y ago SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka us…
CVE-2014-2586 medium 5.3 EXP mcafee 12y ago Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
CVE-2014-2536 medium 4.3 intelmcafee 12y ago Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows …
CVE-2014-2535 medium 4.0 mcafee 12y ago Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted…
CVE-2014-2205 medium 6.3 mcafee 12y ago The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importi…
CVE-2013-5094 medium 5.3 EXP mcafee 13y ago Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
CVE-2013-4884 medium 5.3 EXP mcafee 13y ago Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly…
CVE-2014-1473 medium 6.8 mcafee 13y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of use…
CVE-2014-1472 medium 4.3 mcafee 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via…
CVE-2013-7104 critical 9.0 mcafee 13y ago McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this iss…