Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-24 CVE-2018-6682 Cross-site Scripting vulnerability in Mcafee True KEY 4.0.0.0
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
network
low complexity
mcafee CWE-79
6.1
2018-09-18 CVE-2018-6693 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee products
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier.
local
high complexity
mcafee CWE-367
5.3
2018-07-27 CVE-2018-6686 Improper Authentication vulnerability in Mcafee Drive Encryption
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.
low complexity
mcafee CWE-287
6.6
2018-07-17 CVE-2018-6681 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
network
low complexity
mcafee CWE-79
5.4
2018-06-15 CVE-2018-6672 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
network
low complexity
mcafee CWE-200
6.5
2018-06-15 CVE-2018-6671 Unspecified vulnerability in Mcafee Epolicy Orchestrator
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
network
low complexity
mcafee
6.5
2018-06-07 CVE-2018-6670 XXE vulnerability in Mcafee Common Catalog 2.0.0
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
network
low complexity
mcafee CWE-611
6.5
2018-05-25 CVE-2017-3961 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
network
low complexity
mcafee CWE-79
5.4
2018-04-04 CVE-2017-3971 Inadequate Encryption Strength vulnerability in Mcafee Network Security Manager
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
network
low complexity
mcafee CWE-326
6.5
2018-04-04 CVE-2017-3969 Channel and Path Errors vulnerability in Mcafee Network Security Manager
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
network
high complexity
mcafee CWE-417
5.9