Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2019-3606 Cleartext Storage of Sensitive Information vulnerability in Mcafee Network Security Manager
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
local
high complexity
mcafee CWE-312
4.1
2019-03-21 CVE-2019-6454 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in sd-bus in systemd 239.
5.5
2019-03-12 CVE-2019-3615 Information Exposure vulnerability in Mcafee Database Security 4.6.6
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.
low complexity
mcafee CWE-200
6.8
2019-02-28 CVE-2019-3598 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Agent
Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.
network
low complexity
mcafee CWE-119
5.3
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-21 CVE-2018-6687 Infinite Loop vulnerability in Mcafee Getsusp 3.0.0.461
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file .
local
low complexity
mcafee CWE-835
5.5
2019-02-13 CVE-2019-3610 Information Exposure vulnerability in Mcafee True KEY 3.1.9211.0
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
local
low complexity
mcafee CWE-200
5.5
2019-01-23 CVE-2019-3587 Untrusted Search Path vulnerability in Mcafee Total Protection 4.0.161.1/4.0.176.1/4.6
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
local
low complexity
mcafee CWE-426
6.5
2019-01-23 CVE-2019-3584 Improper Authentication vulnerability in Mcafee Mvision Endpoint
Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors.
local
low complexity
mcafee CWE-287
6.0
2018-10-03 CVE-2018-6695 Unspecified vulnerability in Mcafee Threat Intelligence Exchange Server
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
network
high complexity
mcafee
5.9