Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-25 | CVE-2018-6674 | Missing Encryption of Sensitive Data vulnerability in Mcafee Virusscan Enterprise 8.8.0 Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | 3.9 |
| 2018-05-25 | CVE-2018-6664 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Data Loss Prevention Endpoint Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 8.8 |
| 2018-05-25 | CVE-2017-3961 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | 5.4 |
| 2018-04-26 | CVE-2018-10381 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Tunnelbear 3.2.0.6 TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. | 9.8 |
| 2018-04-04 | CVE-2017-3971 | Inadequate Encryption Strength vulnerability in Mcafee Network Security Manager Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. | 6.5 |
| 2018-04-04 | CVE-2017-3969 | Channel and Path Errors vulnerability in Mcafee Network Security Manager Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. | 5.9 |
| 2018-04-04 | CVE-2017-3967 | Code Injection vulnerability in Mcafee Network Security Manager Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames. | 6.1 |
| 2018-04-04 | CVE-2017-3966 | Insufficient Session Expiration vulnerability in Mcafee Network Security Manager Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. | 6.3 |
| 2018-04-04 | CVE-2017-3965 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Manager Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | 8.8 |
| 2018-04-04 | CVE-2017-3964 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. | 5.4 |