Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2018-09-24 CVE-2018-6700 Untrusted Search Path vulnerability in Mcafee True KEY
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
local
low complexity
mcafee CWE-426
7.8
2018-09-24 CVE-2018-6682 Cross-site Scripting vulnerability in Mcafee True KEY 4.0.0.0
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
network
low complexity
mcafee CWE-79
6.1
2018-09-18 CVE-2018-6690 Origin Validation Error vulnerability in Mcafee Application Change Control
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
local
low complexity
mcafee CWE-346
7.1
2018-09-18 CVE-2017-3912 Improper Authentication vulnerability in Mcafee Application and Change Control 6.2.0/7.0.1
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
local
low complexity
mcafee CWE-287
7.8
2018-09-18 CVE-2018-6693 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee products
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier.
local
high complexity
mcafee CWE-367
5.3
2018-07-27 CVE-2018-6686 Improper Authentication vulnerability in Mcafee Drive Encryption
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.
low complexity
mcafee CWE-287
6.6
2018-07-23 CVE-2018-6683 Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
low complexity
mcafee CWE-276
7.4
2018-07-23 CVE-2018-6678 Unspecified vulnerability in Mcafee web Gateway 7.8.1.0
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
network
low complexity
mcafee
critical
9.1
2018-07-23 CVE-2018-6677 Path Traversal vulnerability in Mcafee web Gateway 7.8.1.0
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
network
low complexity
mcafee CWE-22
critical
9.1
2018-07-17 CVE-2018-6681 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
network
low complexity
mcafee CWE-79
5.4