Filtered by vendor Mcafee
Subscribe
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.0 MEDIUM | 6.2 MEDIUM |
| SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
| CVE-2016-8021 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 3.5 LOW | 5.0 MEDIUM |
| Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. | |||||
| CVE-2016-8017 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 4.0 MEDIUM | 4.1 MEDIUM |
| Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. | |||||
| CVE-2016-8016 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 3.5 LOW | 3.4 LOW |
| Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | |||||
| CVE-2016-8019 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. | |||||
| CVE-2013-7092 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. | |||||
| CVE-2013-7104 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 9.0 HIGH | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | |||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | |||||
| CVE-2013-7103 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 9.0 HIGH | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | |||||
| CVE-2014-1473 | 1 Mcafee | 1 Vulnerability Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." | |||||
| CVE-2014-1472 | 1 Mcafee | 1 Vulnerability Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4884 | 1 Mcafee | 1 Superscan | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report. | |||||
| CVE-2012-4597 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | |||||
| CVE-2012-4595 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2017-08-29 | 7.5 HIGH | N/A |
| McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. | |||||
| CVE-2012-4589 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 2.1 LOW | N/A |
| Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2012-4590 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. | |||||
| CVE-2012-4587 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2017-08-29 | 3.5 LOW | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. | |||||
| CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | |||||
| CVE-2012-4594 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-08-29 | 4.0 MEDIUM | N/A |
| McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | |||||