Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-24 | CVE-2018-6682 | Cross-site Scripting vulnerability in Mcafee True KEY 4.0.0.0 Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. | 6.1 |
| 2018-09-18 | CVE-2018-6693 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mcafee products An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. | 5.3 |
| 2018-07-27 | CVE-2018-6686 | Improper Authentication vulnerability in Mcafee Drive Encryption Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. | 6.6 |
| 2018-07-17 | CVE-2018-6681 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | 5.4 |
| 2018-06-15 | CVE-2018-6672 | Information Exposure vulnerability in Mcafee Epolicy Orchestrator Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | 6.5 |
| 2018-06-15 | CVE-2018-6671 | Unspecified vulnerability in Mcafee Epolicy Orchestrator Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | 6.5 |
| 2018-06-07 | CVE-2018-6670 | XXE vulnerability in Mcafee Common Catalog 2.0.0 External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. | 6.5 |
| 2018-05-25 | CVE-2017-3961 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | 5.4 |
| 2018-04-04 | CVE-2017-3971 | Inadequate Encryption Strength vulnerability in Mcafee Network Security Manager Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. | 6.5 |
| 2018-04-04 | CVE-2017-3969 | Channel and Path Errors vulnerability in Mcafee Network Security Manager Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. | 5.9 |