Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-14 | CVE-2016-8017 | Improper Input Validation vulnerability in Mcafee Virusscan Enterprise Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. | 4.1 |
| 2017-03-14 | CVE-2016-8007 | Improper Access Control vulnerability in Mcafee Host Intrusion Prevention Services 8.0 Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions. | 6.3 |
| 2017-03-14 | CVE-2016-8005 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Email Gateway File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. | 6.5 |
| 2017-03-14 | CVE-2015-8987 | Improper Access Control vulnerability in Mcafee Agent Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. | 5.3 |
| 2017-03-14 | CVE-2015-8986 | 7PK - Security Features vulnerability in Mcafee Advanced Threat Defense 3.4/3.4.2.32 Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. | 5.5 |
| 2017-03-14 | CVE-2014-9920 | Improper Access Control vulnerability in Mcafee Application Control Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. | 5.9 |
| 2017-03-14 | CVE-2013-7461 | Improper Access Control vulnerability in Mcafee Application Control and Change Control A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. | 5.5 |
| 2017-03-14 | CVE-2013-7460 | Improper Access Control vulnerability in Mcafee Application Control and Change Control A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions. | 5.5 |
| 2017-02-13 | CVE-2017-3902 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. | 5.4 |
| 2017-02-13 | CVE-2017-3896 | Improper Input Validation vulnerability in Mcafee Agent Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. | 5.9 |