Filtered by vendor Mcafee
Subscribe
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3660 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | |||||
| CVE-2019-3635 | 1 Mcafee | 1 Web Gateway | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe. | |||||
| CVE-2019-3646 | 1 Mcafee | 1 Total Protection | 2023-11-07 | 6.0 MEDIUM | 6.5 MEDIUM |
| DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | |||||
| CVE-2019-3665 | 1 Mcafee | 1 Webadvisor | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | |||||
| CVE-2019-3619 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. | |||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2023-11-07 | 4.3 MEDIUM | 9.6 CRITICAL |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | |||||
| CVE-2019-3612 | 1 Mcafee | 2 Data Exchange Layer, Threat Intelligence Exchange | 2023-11-07 | 2.1 LOW | 4.4 MEDIUM |
| Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. | |||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | |||||
| CVE-2019-3654 | 2 Mcafee, Microsoft | 2 Client Proxy, Windows | 2023-11-07 | 6.8 MEDIUM | 8.6 HIGH |
| Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator. | |||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2019-3613 | 1 Mcafee | 1 Agent | 2023-11-07 | 4.4 MEDIUM | 7.3 HIGH |
| DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2019-3663 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-07 | 2.1 LOW | 7.8 HIGH |
| Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details | |||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | |||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | |||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | |||||
| CVE-2019-3643 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | |||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | |||||
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | |||||
| CVE-2019-3738 | 3 Dell, Mcafee, Oracle | 16 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 13 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. | |||||