Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2017-03-14 CVE-2016-8027 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
network
low complexity
mcafee CWE-89
critical
 10.0
10
2017-03-14 CVE-2016-8026 Permissions, Privileges, and Access Controls vulnerability in Mcafee Security Scan Plus 2.0.181.2/3.11.376/3.11.469
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
local
low complexity
mcafee CWE-264
7.8
7.8
2017-03-14 CVE-2016-8025 SQL Injection vulnerability in Mcafee Virusscan Enterprise
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
network
high complexity
mcafee CWE-89
6.2
6.2
2017-03-14 CVE-2016-8024 HTTP Response Splitting vulnerability in Mcafee Virusscan Enterprise
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
network
high complexity
mcafee CWE-113
8.1
8.1
2017-03-14 CVE-2016-8023 Improper Authentication vulnerability in Mcafee Virusscan Enterprise
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
network
high complexity
mcafee CWE-287
8.1
8.1
2017-03-14 CVE-2016-8022 Improper Authentication vulnerability in Mcafee Virusscan Enterprise
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
network
high complexity
mcafee CWE-287
7.5
7.5
2017-03-14 CVE-2016-8021 Improper Verification of Cryptographic Signature vulnerability in Mcafee Virusscan Enterprise
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
local
low complexity
mcafee CWE-347
5.0
5.0
2017-03-14 CVE-2016-8020 Code Injection vulnerability in Mcafee Virusscan Enterprise
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
network
high complexity
mcafee CWE-94
8.0
8.0
2017-03-14 CVE-2016-8019 Cross-site Scripting vulnerability in Mcafee Virusscan Enterprise
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
network
low complexity
mcafee CWE-79
6.1
6.1
2017-03-14 CVE-2016-8018 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Virusscan Enterprise
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
network
low complexity
mcafee CWE-352
4.3
4.3