Vulnerabilities > Mcafee > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-31838 | OS Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0 A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | 9.1 |
| 2020-09-15 | CVE-2020-7293 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | 9.0 |
| 2019-09-12 | CVE-2019-3638 | Cross-site Scripting vulnerability in Mcafee web Gateway Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | 9.6 |
| 2019-03-26 | CVE-2019-3597 | Unspecified vulnerability in Mcafee Network Security Manager Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | 9.8 |
| 2019-02-26 | CVE-2019-9169 | Out-of-bounds Read vulnerability in multiple products In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | 9.8 |
| 2018-12-11 | CVE-2018-6703 | Use After Free vulnerability in Mcafee Agent Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. | 9.8 |
| 2018-12-07 | CVE-2018-18311 | Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | 9.8 |
| 2018-07-23 | CVE-2018-6678 | Unspecified vulnerability in Mcafee web Gateway 7.8.1.0 Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | 9.1 |
| 2018-07-23 | CVE-2018-6677 | Path Traversal vulnerability in Mcafee web Gateway 7.8.1.0 Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. | 9.1 |
| 2018-06-26 | CVE-2018-6667 | Improper Authentication vulnerability in Mcafee web Gateway Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | 9.8 |