Vulnerabilities > Mcafee > Enterprise Security Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-11 | CVE-2019-3644 | Unspecified vulnerability in Mcafee products McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. | 7.5 |
2019-09-11 | CVE-2019-3643 | Unspecified vulnerability in Mcafee products McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. | 7.5 |
2019-06-27 | CVE-2019-3632 | Path Traversal vulnerability in Mcafee Enterprise Security Manager Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | 8.8 |
2019-06-27 | CVE-2019-3631 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
2019-06-27 | CVE-2019-3630 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
2019-06-27 | CVE-2019-3629 | Unspecified vulnerability in Mcafee Enterprise Security Manager Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. | 6.5 |
2019-06-27 | CVE-2019-3628 | Unspecified vulnerability in Mcafee Enterprise Security Manager Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | 8.8 |
2017-08-07 | CVE-2015-7704 | Improper Input Validation vulnerability in multiple products The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | 5.0 |
2015-09-22 | CVE-2015-7310 | OS Command Injection vulnerability in Mcafee products McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. | 6.5 |