Vulnerabilities > McAfee > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-20 | CVE-2016-1833 | Out-of-bounds Read vulnerability in multiple products: The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | 4.3 |
2016-04-08 | CVE-2016-3983 | Insufficient Verification of Data Authenticity vulnerability in McAfee Advanced Threat Defense 3.4.2.32/3.4.4.14/3.4.4.142: McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | 5.0 |
2016-04-06 | CVE-2016-3969 | Cross-site Scripting vulnerability in McAfee Email Gateway: Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. | 4.3 |
2016-03-24 | CVE-2016-1762 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | 5.8 |
2016-02-01 | CVE-2016-2199 | Cross-Site Request Forgery (CSRF) vulnerability in McAfee Vulnerability Manager 7.0.11/7.5.4/7.5.5: Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 6.8 |
2016-01-12 | CVE-2016-1715 | Numeric Errors vulnerability in multiple products: The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. | 5.5 |
2015-10-01 | CVE-2015-7612 | Cross-Site Request Forgery (CSRF) vulnerability in McAfee Vulnerability Manager 7.0.11/7.5.4/7.5.5: Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 6.8 |
2015-09-22 | CVE-2015-7310 | OS Command Injection vulnerability in McAfee products: McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. | 6.5 |
2015-09-18 | CVE-2015-7237 | Path Traversal vulnerability in McAfee Agent 5.0.0/5.0.1: Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2015-06-23 | CVE-2015-2859 | Cryptographic Issues vulnerability in McAfee ePolicy Orchestrator: Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |