Vulnerabilities > Mcafee > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-06-29 CVE-2021-31838 OS Command Injection vulnerability in McAfee MVISION EDR 3.2.0/3.3.0
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
network
low complexity
mcafee CWE-78
critical
9.1
2020-09-15 CVE-2020-7293 Improper Authentication vulnerability in McAfee Web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.
low complexity
mcafee CWE-287
critical
9.0
2019-09-12 CVE-2019-3638 Cross-site Scripting vulnerability in McAfee Web Gateway
Reflected Cross Site Scripting vulnerability in the Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials by tricking the administrator into clicking on a carefully constructed malicious link.
network
low complexity
mcafee CWE-79
critical
9.6
2019-03-26 CVE-2019-3597 Unspecified vulnerability in McAfee Network Security Manager
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
network
low complexity
mcafee
critical
9.8
2019-02-26 CVE-2019-9169 Out-of-bounds Read vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
network
low complexity
gnu netapp mcafee canonical CWE-125
critical
9.8
2018-12-11 CVE-2018-6703 Use After Free vulnerability in McAfee Agent
Use After Free in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially remote code execution via a specially crafted HTTP header sent to the logging service.
network
low complexity
mcafee CWE-416
critical
9.8
2018-12-07 CVE-2018-18311 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
network
low complexity
perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190
critical
9.8
2018-07-23 CVE-2018-6678 Unspecified vulnerability in McAfee Web Gateway 7.8.1.0
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
network
low complexity
mcafee
critical
9.1
2018-07-23 CVE-2018-6677 Path Traversal vulnerability in McAfee Web Gateway 7.8.1.0
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
network
low complexity
mcafee CWE-22
critical
9.1
2018-06-26 CVE-2018-6667 Improper Authentication vulnerability in McAfee Web Gateway
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
network
low complexity
mcafee CWE-287
critical
9.8