Vulnerabilities > Mcafee > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-13 | CVE-2017-3936 | OS Command Injection vulnerability in Mcafee Epolicy Orchestrator OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | 9.8 |
| 2018-06-13 | CVE-2017-3907 | Code Injection vulnerability in Mcafee Threat Intelligence Exchange 2.1.0 Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | 9.8 |
| 2018-06-13 | CVE-2017-3968 | Session Fixation vulnerability in Mcafee products Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | 9.1 |
| 2018-06-12 | CVE-2017-3962 | Use of Password Hash With Insufficient Computational Effort vulnerability in Mcafee Network Security Manager Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | 9.8 |
| 2018-04-26 | CVE-2018-10381 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Tunnelbear 3.2.0.6 TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. | 9.8 |
| 2018-04-03 | CVE-2017-3972 | Information Exposure vulnerability in Mcafee Network Security Manager Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. | 9.8 |
| 2017-09-01 | CVE-2017-3897 | Code Injection vulnerability in Mcafee Livesafe and Security Scan Plus A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | 9.8 |
| 2017-07-12 | CVE-2017-4053 | OS Command Injection vulnerability in Mcafee Advanced Threat Defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | 9.8 |
| 2017-07-12 | CVE-2017-4052 | Missing Authentication for Critical Function vulnerability in Mcafee Advanced Threat Defense Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | 9.8 |
| 2017-03-14 | CVE-2016-8027 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | 10.0 |