Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2017-3967 Code Injection vulnerability in Mcafee Network Security Manager
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
network
low complexity
mcafee CWE-94
6.1
2018-04-04 CVE-2017-3966 Insufficient Session Expiration vulnerability in Mcafee Network Security Manager
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.
network
low complexity
mcafee CWE-613
6.3
2018-04-04 CVE-2017-3964 Cross-site Scripting vulnerability in Mcafee Network Security Manager
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
network
low complexity
mcafee CWE-79
5.4
2018-04-03 CVE-2017-4028 Injection vulnerability in Mcafee products
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
local
low complexity
mcafee CWE-74
4.4
2018-04-02 CVE-2018-6659 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
network
low complexity
mcafee CWE-79
5.4
2018-04-02 CVE-2018-6660 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
network
low complexity
mcafee CWE-22
4.9
2017-10-31 CVE-2017-3934 Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
network
high complexity
mcafee CWE-200
5.9
2017-10-31 CVE-2017-3933 Cross-site Scripting vulnerability in Mcafee Network Data Loss Prevention
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
network
low complexity
mcafee CWE-79
5.4
2017-09-01 CVE-2017-3898 Improper Input Validation vulnerability in Mcafee Livesafe 14.0/16.0.2
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
network
high complexity
mcafee CWE-20
5.9
2017-06-23 CVE-2017-3948 Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
network
low complexity
mcafee CWE-79
5.4