Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-18 | CVE-2018-6690 | Origin Validation Error vulnerability in Mcafee Application Change Control Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | 7.1 |
| 2018-09-18 | CVE-2017-3912 | Improper Authentication vulnerability in Mcafee Application and Change Control 6.2.0/7.0.1 Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. | 7.8 |
| 2018-09-18 | CVE-2018-6693 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee products An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. | 5.3 |
| 2018-07-27 | CVE-2018-6686 | Improper Authentication vulnerability in Mcafee Drive Encryption Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. | 6.6 |
| 2018-07-23 | CVE-2018-6683 | Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | 7.4 |
| 2018-07-23 | CVE-2018-6678 | Unspecified vulnerability in Mcafee web Gateway 7.8.1.0 Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | 9.1 |
| 2018-07-23 | CVE-2018-6677 | Path Traversal vulnerability in Mcafee web Gateway 7.8.1.0 Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. | 9.1 |
| 2018-07-17 | CVE-2018-6681 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | 5.4 |
| 2018-06-26 | CVE-2018-6667 | Improper Authentication vulnerability in Mcafee web Gateway Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | 9.8 |
| 2018-06-15 | CVE-2018-6672 | Information Exposure vulnerability in Mcafee Epolicy Orchestrator Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | 6.5 |