Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-24 CVE-2019-3591 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection.
network
low complexity
mcafee CWE-79
6.1
2019-07-23 CVE-2019-2816 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle debian opensuse hp mcafee canonical redhat
4.8
2019-07-23 CVE-2019-2769 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle debian canonical redhat hp mcafee opensuse
5.3
2019-07-23 CVE-2019-2762 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle canonical opensuse debian redhat mcafee hp
5.3
2019-07-23 CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).
local
high complexity
oracle debian canonical opensuse mcafee hp
5.1
2019-07-18 CVE-2019-3592 Unspecified vulnerability in Mcafee Agent
Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory.
local
low complexity
mcafee
6.7
2019-07-03 CVE-2019-3619 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.9.0/5.9.1
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
network
low complexity
mcafee CWE-319
4.9
2019-06-27 CVE-2019-3629 Unspecified vulnerability in Mcafee Enterprise Security Manager
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
network
low complexity
mcafee
6.5
2019-05-15 CVE-2019-3602 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
network
low complexity
mcafee CWE-79
4.8
2019-04-10 CVE-2019-3612 Cleartext Storage of Sensitive Information vulnerability in Mcafee Data Exchange Layer and Threat Intelligence Exchange
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.
local
low complexity
mcafee CWE-312
4.4