Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-02 CVE-2018-6660 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
network
low complexity
mcafee CWE-22
4.9
2017-12-18 CVE-2017-17740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
network
low complexity
openldap opensuse oracle mcafee CWE-119
5.0
2017-10-31 CVE-2017-3935 Information Exposure vulnerability in Mcafee Network Data Loss Prevention
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.
network
low complexity
mcafee CWE-200
5.0
2017-10-31 CVE-2017-3934 Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
network
mcafee CWE-200
4.3
2017-09-01 CVE-2017-3898 Improper Input Validation vulnerability in Mcafee Livesafe 14.0
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
network
mcafee CWE-20
4.3
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
5.0
2017-07-12 CVE-2017-4057 Unspecified vulnerability in Mcafee Advanced Threat Defense
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.
network
low complexity
mcafee
6.5
2017-07-12 CVE-2017-4055 Missing Authentication for Critical Function vulnerability in Mcafee Advanced Threat Defense
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.
network
low complexity
mcafee CWE-306
5.0
2017-07-12 CVE-2017-4054 Command Injection vulnerability in Mcafee Advanced Threat Defense
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.
network
low complexity
mcafee CWE-77
6.5
2017-05-29 CVE-2017-9287 Double Free vulnerability in multiple products
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
network
low complexity
openldap debian redhat mcafee oracle CWE-415
4.0