Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2017-03-14 CVE-2015-8993 Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud AV, Security Scan Plus and Security Webadvisor
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
local
high complexity
mcafee CWE-264
7.0
2017-03-14 CVE-2015-8992 Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud AV, Security Scan Plus and Security Webadvisor
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
local
high complexity
mcafee CWE-264
7.0
2017-03-14 CVE-2015-8991 Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud AV, Security Scan Plus and Security Webadvisor
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
local
high complexity
mcafee CWE-264
7.0
2017-03-14 CVE-2015-8990 7PK - Security Features vulnerability in Mcafee Advanced Threat Defense
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.
network
low complexity
mcafee CWE-254
7.5
2017-03-14 CVE-2015-8989 Cryptographic Issues vulnerability in Mcafee vulnerability Manager
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.
network
low complexity
mcafee CWE-310
8.8
2017-03-14 CVE-2015-8988 Command Injection vulnerability in Mcafee EPO Deep Command 2.1/2.2
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.
network
low complexity
mcafee CWE-77
8.8
2017-03-14 CVE-2015-8987 Improper Access Control vulnerability in Mcafee Agent
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
network
high complexity
mcafee CWE-284
5.3
2017-03-14 CVE-2015-8986 7PK - Security Features vulnerability in Mcafee Advanced Threat Defense 3.4/3.4.2.32
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware.
local
low complexity
mcafee CWE-254
5.5
2017-03-14 CVE-2014-9921 Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud Analysis and Deconstructive Services 1.0.0.3/1.0.0.4D
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.
network
low complexity
mcafee CWE-264
critical
9.8
2017-03-14 CVE-2014-9920 Improper Access Control vulnerability in Mcafee Application Control
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
network
high complexity
mcafee CWE-284
5.9