Vulnerabilities > Mcafee > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-14 | CVE-2016-8021 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Virusscan Enterprise Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. | 5.0 |
2017-03-14 | CVE-2016-8019 | Cross-site Scripting vulnerability in Mcafee Virusscan Enterprise Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. | 6.1 |
2017-03-14 | CVE-2016-8018 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Virusscan Enterprise Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. | 4.3 |
2017-03-14 | CVE-2016-8017 | Improper Input Validation vulnerability in Mcafee Virusscan Enterprise Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. | 4.1 |
2017-03-14 | CVE-2016-8007 | Improper Access Control vulnerability in Mcafee Host Intrusion Prevention Services 8.0 Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions. | 6.3 |
2017-03-14 | CVE-2016-8005 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Email Gateway File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. | 6.5 |
2017-03-14 | CVE-2015-8987 | Improper Access Control vulnerability in Mcafee Agent Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. | 5.3 |
2017-03-14 | CVE-2015-8986 | 7PK - Security Features vulnerability in Mcafee Advanced Threat Defense 3.4/3.4.2.32 Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. | 5.5 |
2017-03-14 | CVE-2014-9920 | Improper Access Control vulnerability in Mcafee Application Control Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. | 5.9 |
2017-03-14 | CVE-2013-7461 | Improper Access Control vulnerability in Mcafee Application Control and Change Control A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. | 5.5 |