Vulnerabilities > Mcafee > Virusscan Enterprise > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-25 | CVE-2018-6674 | Missing Encryption of Sensitive Data vulnerability in Mcafee Virusscan Enterprise 8.8.0 Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | 3.9 |
2017-03-14 | CVE-2016-8016 | Information Exposure vulnerability in Mcafee Virusscan Enterprise Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | 3.5 |
2017-03-14 | CVE-2016-8021 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Virusscan Enterprise Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. | 3.5 |
2016-05-05 | CVE-2016-4534 | Permissions, Privileges, and Access Controls vulnerability in multiple products The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. | 3.0 |
2016-04-08 | CVE-2016-3984 | Improper Access Control vulnerability in Mcafee products The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. | 3.6 |
2015-12-16 | CVE-2015-8577 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Virusscan Enterprise The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2.6 |
2012-08-22 | CVE-2010-5143 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Virusscan Enterprise McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. | 2.6 |
2006-09-19 | CVE-2006-4886 | Security Bypass vulnerability in Scan Engine The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition. | 3.7 |