Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-21 CVE-2018-6687 Infinite Loop vulnerability in Mcafee Getsusp 3.0.0.461
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file .
local
low complexity
mcafee CWE-835
5.5
2019-02-13 CVE-2019-3610 Information Exposure vulnerability in Mcafee True KEY 3.1.9211.0
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
local
low complexity
mcafee CWE-200
5.5
2019-01-23 CVE-2019-3587 Untrusted Search Path vulnerability in Mcafee Total Protection 4.0.161.1/4.0.176.1/4.6
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
local
low complexity
mcafee CWE-426
6.5
2019-01-23 CVE-2019-3584 Improper Authentication vulnerability in Mcafee Mvision Endpoint
Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors.
local
low complexity
mcafee CWE-287
6.0
2018-10-03 CVE-2018-6695 Unspecified vulnerability in Mcafee Threat Intelligence Exchange Server
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
network
high complexity
mcafee
5.9
2018-09-24 CVE-2018-6682 Cross-site Scripting vulnerability in Mcafee True KEY 4.0.0.0
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
network
low complexity
mcafee CWE-79
6.1
2018-09-18 CVE-2018-6693 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee products
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier.
local
high complexity
mcafee CWE-367
5.3
2018-07-27 CVE-2018-6686 Improper Authentication vulnerability in Mcafee Drive Encryption
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.
low complexity
mcafee CWE-287
6.6
2018-07-17 CVE-2018-6681 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
network
low complexity
mcafee CWE-79
5.4
2018-06-15 CVE-2018-6672 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
network
low complexity
mcafee CWE-200
6.5