Vulnerabilities > Mcafee
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-24 | CVE-2009-3339 | Remote Security vulnerability in Mcafee Email and web Security Appliance 5.1 Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. | 7.8 |
2009-08-21 | CVE-2008-7020 | Cryptographic Issues vulnerability in Mcafee Safeboot Device Encryption 4 McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2009-07-10 | CVE-2009-2429 | Credentials Management vulnerability in Mcafee Smartfilter 4.2.1.00 SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. | 4.6 |
2009-07-02 | CVE-2009-2312 | Cryptographic Issues vulnerability in Mcafee Smartfilter 4.2.1.00 SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges. | 4.6 |
2009-05-05 | CVE-2009-1491 | Improper Input Validation vulnerability in Mcafee Groupshield McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | 9.3 |
2009-04-30 | CVE-2009-1348 | Improper Input Validation vulnerability in Mcafee products The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. | 7.6 |
2008-08-12 | CVE-2008-3605 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Encrypted USB Manager 3.1.0.0 Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors. | 6.8 |
2008-04-16 | CVE-2008-1855 | Resource Management Errors vulnerability in Mcafee CMA FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274. | 5.0 |
2008-03-17 | CVE-2008-1357 | USE of Externally-Controlled Format String vulnerability in Mcafee products Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. | 5.4 |
2008-01-10 | CVE-2008-0127 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mcafee E-Business Server The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. | 8.8 |