Vulnerabilities > McAfee > ePolicy Orchestrator > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2017-3936 OS Command Injection vulnerability in McAfee ePolicy Orchestrator
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges because user input is not sanitized before it is exported to CSV output.
network | low complexity | mcafee | CWE-78 | critical | 9.8
2007-03-16 CVE-2007-1498 Remote Buffer Overflow vulnerability in McAfee ePolicy Orchestrator and ProtectionPilot
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.
network | mcafee | critical | 9.3
2006-10-05 CVE-2006-5156 Remote Buffer Overflow vulnerability in McAfee ePolicy Orchestrator and ProtectionPilot
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
network | low complexity | mcafee | critical | 10.0
2003-04-11 CVE-2002-0690 Unspecified vulnerability in McAfee ePolicy Orchestrator 2.5.1
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
network | low complexity | mcafee | critical | 10.0