Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-09 | CVE-2019-3652 | Code Injection vulnerability in Mcafee Endpoint Security Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | 5.3 |
| 2019-09-18 | CVE-2019-3738 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. | 6.5 |
| 2019-09-13 | CVE-2019-3646 | Untrusted Search Path vulnerability in Mcafee Total Protection 16.0.36/16.0.R18 DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | 6.5 |
| 2019-09-12 | CVE-2019-3638 | Cross-site Scripting vulnerability in Mcafee web Gateway Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | 9.6 |
| 2019-09-11 | CVE-2019-3644 | Unspecified vulnerability in Mcafee products McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. | 7.5 |
| 2019-09-11 | CVE-2019-3643 | Unspecified vulnerability in Mcafee products McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. | 7.5 |
| 2019-09-09 | CVE-2019-16168 | Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | 6.5 |
| 2019-08-21 | CVE-2019-3634 | Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0 Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. | 5.5 |
| 2019-08-21 | CVE-2019-3633 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0 Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | 5.5 |
| 2019-08-14 | CVE-2019-3639 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mcafee web Gateway Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | 7.1 |