Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2017-03-14 CVE-2013-7462 Path Traversal vulnerability in Mcafee Saas Control Console Platform 6.15
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.
network
low complexity
mcafee CWE-22
7.5
2017-03-14 CVE-2013-7461 Improper Access Control vulnerability in Mcafee Application Control and Change Control
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.
local
low complexity
mcafee CWE-284
5.5
2017-03-14 CVE-2013-7460 Improper Access Control vulnerability in Mcafee Application Control and Change Control
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions.
local
low complexity
mcafee CWE-284
5.5
2017-02-13 CVE-2017-3902 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
network
low complexity
mcafee CWE-79
5.4
2017-02-13 CVE-2017-3896 Improper Input Validation vulnerability in Mcafee Agent
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.
network
high complexity
mcafee CWE-20
5.9
2017-01-05 CVE-2016-8006 Permissions, Privileges, and Access Controls vulnerability in Mcafee Security Information and Event Management 9.6.0
Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands.
local
low complexity
mcafee CWE-264
4.4
2016-06-30 CVE-2016-4472 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data.
network
high complexity
libexpat-project canonical mcafee python CWE-119
8.1
2016-06-09 CVE-2016-4448 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
network
low complexity
hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134
critical
9.8
2016-06-09 CVE-2016-4447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
network
low complexity
hp canonical debian oracle apple xmlsoft mcafee CWE-119
7.5
2016-05-26 CVE-2016-0718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
9.8