Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-15 | CVE-2015-4559 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-04-08 | CVE-2015-3030 | Information Exposure vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14 The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | 4.0 |
| 2015-04-08 | CVE-2015-3029 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14 The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
| 2015-04-08 | CVE-2015-3028 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14 McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | 5.5 |
| 2015-03-27 | CVE-2015-2759 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Data Loss Prevention Endpoint Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | 6.8 |
| 2015-03-27 | CVE-2015-2758 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Data Loss Prevention Endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | 6.5 |
| 2015-03-27 | CVE-2015-2757 | Resource Management Errors vulnerability in Mcafee Data Loss Prevention Endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | 4.0 |
| 2015-02-23 | CVE-2015-2053 | Improper Input Validation vulnerability in Mcafee Agent 4.8.0/5.0.0 The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. | 4.3 |
| 2015-02-17 | CVE-2015-1618 | Information Exposure vulnerability in Mcafee Data Loss Prevention Endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | 4.0 |
| 2015-02-17 | CVE-2015-1616 | SQL Injection vulnerability in Mcafee Data Loss Prevention Endpoint SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |