Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2016-04-08 CVE-2016-3983 Insufficient Verification of Data Authenticity vulnerability in Mcafee Advanced Threat Defense
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.
network
low complexity
mcafee CWE-345
7.5
2016-04-06 CVE-2016-3969 Cross-site Scripting vulnerability in Mcafee Email Gateway
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
network
low complexity
mcafee CWE-79
6.1
2016-03-24 CVE-2016-1762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
network
low complexity
apple debian canonical xmlsoft redhat mcafee CWE-119
8.1
2016-02-01 CVE-2016-2199 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
network
low complexity
mcafee CWE-352
8.8
2016-01-29 CVE-2015-8773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee File Lock 5.0
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.
network
low complexity
mcafee CWE-119
7.5
2016-01-29 CVE-2015-8772 Data Processing Errors vulnerability in Mcafee File Lock 5.0
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call.
network
low complexity
mcafee CWE-19
critical
9.1
2016-01-12 CVE-2016-1715 Numeric Errors vulnerability in multiple products
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location.
local
high complexity
microsoft mcafee CWE-189
6.6
2016-01-08 CVE-2015-8765 Unspecified vulnerability in Mcafee Epolicy Orchestrator
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
mcafee
8.3