Search Results (606 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8027 1 Mcafee 1 Epolicy Orchestrator 2025-04-20 N/A
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
CVE-2017-4011 1 Mcafee 1 Network Data Loss Prevention 2025-04-20 N/A
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.
CVE-2016-8005 1 Mcafee 1 Email Gateway 2025-04-20 N/A
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.
CVE-2016-8008 2 Mcafee, Microsoft 3 Security Scan Plus, Windows 10, Windows 7 2025-04-20 N/A
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.
CVE-2016-8019 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
CVE-2016-8024 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
CVE-2017-4053 1 Mcafee 1 Advanced Threat Defense 2025-04-20 N/A
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.
CVE-2014-9920 1 Mcafee 1 Application Control 2025-04-20 N/A
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
CVE-2017-9287 5 Debian, Mcafee, Openldap and 2 more 11 Debian Linux, Policy Auditor, Openldap and 8 more 2025-04-20 6.5 Medium
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
CVE-2015-7704 6 Citrix, Debian, Mcafee and 3 more 16 Xenserver, Debian Linux, Enterprise Security Manager and 13 more 2025-04-20 7.5 High
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVE-2017-3934 1 Mcafee 1 Network Data Loss Prevention 2025-04-20 N/A
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
CVE-2016-8010 1 Mcafee 2 Application Control, Endpoint Security 2025-04-20 N/A
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.
CVE-2016-8016 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
CVE-2016-8023 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
CVE-2015-8992 1 Mcafee 3 Cloud Av, Security Scan Plus, Security Webadvisor 2025-04-20 N/A
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVE-2014-9921 1 Mcafee 1 Cloud Analysis And Deconstructive Services 2025-04-20 N/A
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.
CVE-2016-8018 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
CVE-2017-4052 1 Mcafee 1 Advanced Threat Defense 2025-04-20 N/A
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter.
CVE-2017-4014 1 Mcafee 1 Network Data Loss Prevention 2025-04-20 N/A
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.
CVE-2015-1617 1 Mcafee 1 Data Loss Prevention Endpoint 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.