Filtered by vendor Mcafee
Subscribe
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0543 | 6 Canonical, Fedoraproject, Intel and 3 more | 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
|
|||||
| CVE-2019-6454 | 8 Canonical, Debian, Fedoraproject and 5 more | 22 Ubuntu Linux, Debian Linux, Fedora and 19 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
|
|||||
| CVE-2019-3738 | 3 Dell, Mcafee, Oracle | 16 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
|
|||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-11-21 | 4.3 MEDIUM | 8.0 HIGH |
|
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.
|
|||||
| CVE-2019-3667 | 1 Mcafee | 1 Techcheck | 2024-11-21 | 4.4 MEDIUM | 6.6 MEDIUM |
|
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.
|
|||||
| CVE-2019-3666 | 1 Mcafee | 1 Webadvisor | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.
|
|||||
| CVE-2019-3665 | 1 Mcafee | 1 Webadvisor | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.
|
|||||
| CVE-2019-3663 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 2.1 LOW | 9.8 CRITICAL |
|
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details
|
|||||
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.
|
|||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
|
|||||
| CVE-2019-3660 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 6.5 MEDIUM | 8.4 HIGH |
|
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.
|
|||||
| CVE-2019-3654 | 2 Mcafee, Microsoft | 2 Client Proxy, Windows | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
|
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.
|
|||||
| CVE-2019-3653 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
|
|||||
| CVE-2019-3652 | 2 Mcafee, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
|
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.
|
|||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.
|
|||||
| CVE-2019-3650 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.
|
|||||
| CVE-2019-3649 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.
|
|||||
| CVE-2019-3648 | 1 Mcafee | 3 Anti-virus Plus, Internet Security, Total Protection | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
|
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
|
|||||
| CVE-2019-3646 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 6.0 MEDIUM | 6.9 MEDIUM |
|
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
|
|||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
|
|||||
| CVE-2019-3643 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
|
|||||
| CVE-2019-3641 | 1 Mcafee | 1 Threat Intelligence Exchange Server | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
|
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.
|
|||||
| CVE-2019-3640 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 4.0 MEDIUM | 4.8 MEDIUM |
|
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.
|
|||||
| CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.
|
|||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.
|
|||||
| CVE-2019-3637 | 1 Mcafee | 1 File And Removable Media Protection | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
|
|||||
| CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
|
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.
|
|||||
| CVE-2019-3635 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
|
|||||
| CVE-2019-3634 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.
|
|||||
| CVE-2019-3633 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.
|
|||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.
|
|||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
|
|||||
| CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
|
|||||
| CVE-2019-3629 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
|
|||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.
|
|||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
|
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
|
|||||
| CVE-2019-3621 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.
|
|||||
| CVE-2019-3619 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
|
|||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
|
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.
|
|||||