Vulnerabilities > Mcafee > Epolicy Orchestrator > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-13 | CVE-2017-3936 | OS Command Injection vulnerability in Mcafee Epolicy Orchestrator OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | 9.8 |
| 2007-03-16 | CVE-2007-1498 | Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | 9.3 |
| 2006-10-05 | CVE-2006-5156 | Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | 10.0 |
| 2003-04-11 | CVE-2002-0690 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.5.1 Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. | 10.0 |