← Back

Mcafee

mcafee

602 CVEs • 137 products

Products (137)

Click to collapse
Toggle
Epolicy Orchestrator
epolicy_orchestrator
86 CVEs
Web Gateway
web_gateway
41 CVEs
Endpoint Security
endpoint_security
37 CVEs
Network Data Loss Prevention
network_data_loss_prevention
31 CVEs
Virusscan Enterprise
virusscan_enterprise
29 CVEs
Total Protection
total_protection
26 CVEs
Data Loss Prevention Endpoint
data_loss_prevention_endpoint
26 CVEs
Advanced Threat Defense
advanced_threat_defense
26 CVEs
Agent
agent
25 CVEs
Email Gateway
email_gateway
20 CVEs
Network Security Manager
network_security_manager
19 CVEs
Gateway
gateway
13 CVEs
Scan Engine
scan_engine
12 CVEs
Data Loss Prevention
data_loss_prevention
12 CVEs
Virusscan
virusscan
10 CVEs
Email And Web Security
email_and_web_security
10 CVEs
Mcafee Agent
mcafee_agent
10 CVEs
Antivirus Engine
antivirus_engine
9 CVEs
Enterprise Security Manager
enterprise_security_manager
9 CVEs
Policy Auditor
policy_auditor
9 CVEs
True Key
true_key
8 CVEs
Database Security
database_security
8 CVEs
Application Control
application_control
7 CVEs
Active Response
active_response
7 CVEs
Security Scan Plus
security_scan_plus
7 CVEs
Threat Intelligence Exchange Server
threat_intelligence_exchange_server
7 CVEs
Protectionpilot
protectionpilot
6 CVEs
E Business Server
e-business_server
6 CVEs
Enterprise Mobility Manager
enterprise_mobility_manager
6 CVEs
Vulnerability Manager
vulnerability_manager
6 CVEs
Application And Change Control
application_and_change_control
6 CVEs
Mvision Endpoint
mvision_endpoint
6 CVEs
Internet Security Suite
internet_security_suite
5 CVEs
Common Management Agent
common_management_agent
5 CVEs
Data Exchange Layer
data_exchange_layer
5 CVEs
Mcafee Web Gateway
mcafee_web_gateway
4 CVEs
Intrushield Security Management System
intrushield_security_management_system
3 CVEs
Virex
virex
3 CVEs
Epolicy Orchestrator Agent
epolicy_orchestrator_agent
3 CVEs
Saas Endpoint Protection
saas_endpoint_protection
3 CVEs
Change Control
change_control
3 CVEs
File And Removable Media Protection
file_and_removable_media_protection
3 CVEs
Host Intrusion Prevention
host_intrusion_prevention
3 CVEs
Livesafe
livesafe
3 CVEs
Security Webadvisor
security_webadvisor
3 CVEs
Cloud Av
cloud_av
3 CVEs
Drive Encryption
drive_encryption
3 CVEs
Application Change Control
application_change_control
3 CVEs
Webadvisor
webadvisor
3 CVEs
Endpoint Detection And Response
endpoint_detection_and_response
3 CVEs
Webshield Smtp
webshield_smtp
2 CVEs
Personal Firewall Plus
personal_firewall_plus
2 CVEs
Security Center
security_center
2 CVEs
Cma
cma
2 CVEs
Smartfilter
smartfilter
2 CVEs
Intrushield Network Security Manager
intrushield_network_security_manager
2 CVEs
Enterprise Mobility Manager Agent
enterprise_mobility_manager_agent
2 CVEs
Mcafee Virtual Technician
mcafee_virtual_technician
2 CVEs
Epo Mcafee Virtual Technician
epo_mcafee_virtual_technician
2 CVEs
Superscan
superscan
2 CVEs
Cloud Single Sign On
cloud_single_sign_on
2 CVEs
Asset Manager
asset_manager
2 CVEs
Epo Deep Command
epo_deep_command
2 CVEs
Threat Intelligence Exchange
threat_intelligence_exchange
2 CVEs
File Lock
file_lock
2 CVEs
Anti Malware Scan Engine
anti-malware_scan_engine
2 CVEs
Anti Virus Plus
anti-virus_plus
2 CVEs
Internet Security
internet_security
2 CVEs
Endpoint Security For Linux Threat Prevention
endpoint_security_for_linux_threat_prevention
2 CVEs
Getsusp
getsusp
2 CVEs
Techcheck
techcheck
2 CVEs
Network Security Management
network_security_management
2 CVEs
Web Gateway Cloud Service
web_gateway_cloud_service
2 CVEs
Consumer Product Removal Tool
consumer_product_removal_tool
2 CVEs
Asap Virusscan
asap_virusscan
1 CVE
Remote Desktop 32
remote_desktop_32
1 CVE
Entercept Agent
entercept_agent
1 CVE
Freescan
freescan
1 CVE
Security Installer Control System
security_installer_control_system
1 CVE
Mcinsctl.dll
mcinsctl.dll
1 CVE
Virusscan Security Center
virusscan_security_center
1 CVE
Antispyware
antispyware
1 CVE
Privacy Service
privacy_service
1 CVE
Quickclean
quickclean
1 CVE
Spamkiller
spamkiller
1 CVE
Wireless Home Network Security
wireless_home_network_security
1 CVE
Network Agent
network_agent
1 CVE
Neotrace
neotrace
1 CVE
Visual Trace
visual_trace
1 CVE
Securitycenter Agent
securitycenter_agent
1 CVE
Mcafee Framework
mcafee_framework
1 CVE
Encrypted Usb Manager
encrypted_usb_manager
1 CVE
Active Virus Defense
active_virus_defense
1 CVE
Active Virusscan
active_virusscan
1 CVE
Securityshield For Email Servers
securityshield_for_email_servers
1 CVE
Securityshield For Microsoft Isa Server
securityshield_for_microsoft_isa_server
1 CVE
Securityshield For Microsoft Sharepoint
securityshield_for_microsoft_sharepoint
1 CVE
Total Protection For Endpoint
total_protection_for_endpoint
1 CVE
Virusscan Commandline
virusscan_commandline
1 CVE
Virusscan Plus
virusscan_plus
1 CVE

CVEs (602)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-6674
1Mcafee
1Virusscan Enterprise
Nov 21, 2024
May 25, 2018
N/A· v4
3.9 LOW· v3
2.1 LOW· v2
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the syst...Show more
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).Show less
CVE-2018-6664
1Mcafee
1Data Loss Prevention Endpoint
Nov 21, 2024
May 25, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block acti...Show more
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.Show less
CVE-2017-3961
1Mcafee
1Network Security Manager
Nov 21, 2024
May 25, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page...Show more
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.Show less
CVE-2018-10381
1Mcafee
1Tunnelbear
Nov 21, 2024
Apr 26, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applic...Show more
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.Show less
CVE-2017-3971
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 4, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
CVE-2017-3969
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 4, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
CVE-2017-3967
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 4, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability...Show more
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.Show less
CVE-2017-3966
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 4, 2018
N/A· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a...Show more
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.Show less
CVE-2017-3965
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 4, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrie...Show more
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.Show less
CVE-2017-3964
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 4, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
CVE-2017-4028
1Mcafee
6Anti Virus Plus
Endpoint SecurityHost Intrusion Prevention+3 more
Nov 21, 2024
Apr 3, 2018
N/A· v4
4.4 MEDIUM· v3
2.1 LOW· v2
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulatio...Show more
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.Show less
CVE-2017-3972
1Mcafee
1Network Security Manager
Nov 21, 2024
Apr 3, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sen...Show more
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.Show less
CVE-2018-6659
1Mcafee
1Epolicy Orchestrator
Nov 21, 2024
Apr 2, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
CVE-2018-6661
1Mcafee
1True Key
Nov 21, 2024
Apr 2, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
CVE-2018-6660
1Mcafee
1Epolicy Orchestrator
Nov 21, 2024
Apr 2, 2018
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not...Show more
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.Show less
CVE-2017-17740
4Mcafee
OpenldapOpensuse+1 more
4Blockchain Platform
LeapOpenldap+1 more
May 13, 2026
Dec 18, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to ca...Show more
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.Show less
CVE-2017-3935
1Mcafee
1Network Data Loss Prevention
May 13, 2026
Oct 31, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and...Show more
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.Show less
CVE-2017-3934
1Mcafee
1Network Data Loss Prevention
May 13, 2026
Oct 31, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on th...Show more
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.Show less
CVE-2017-3933
1Mcafee
1Network Data Loss Prevention
May 13, 2026
Oct 31, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
CVE-2017-3898
1Mcafee
1Livesafe
May 13, 2026
Sep 1, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated wi...Show more
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.Show less