Vulnerabilities > Mcafee
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-03-28 | CVE-2012-5879 | Permissions, Privileges, and Access Controls vulnerability in Mcafee products An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. | 8.2 |
2012-09-25 | CVE-2012-4014 | Denial of Service vulnerability in McAfee Email Anti-virus Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2012-08-22 | CVE-2012-4599 | Improper Authentication vulnerability in Mcafee Smartfilter Administration McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file. | 10.0 |
2012-08-22 | CVE-2012-4598 | Denial-Of-Service vulnerability in Mcafee products An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. | 9.3 |
2012-08-22 | CVE-2012-4597 | Cross-Site Scripting vulnerability in Mcafee Email and web Security and Email Gateway Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | 4.3 |
2012-08-22 | CVE-2012-4596 | Path Traversal vulnerability in Mcafee Email Gateway 7.0.0/7.0.1 Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. | 4.3 |
2012-08-22 | CVE-2012-4595 | Improper Authentication vulnerability in Mcafee Email and web Security and Email Gateway McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. | 7.5 |
2012-08-22 | CVE-2012-4594 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Epolicy Orchestrator McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | 4.0 |
2012-08-22 | CVE-2012-4593 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Application Control and Change Control McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | 5.0 |
2012-08-22 | CVE-2012-4592 | Remote Security vulnerability in Mcafee Enterprise Mobility Manager 4.7 The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |