Mcafee

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-4882 1Mcafee 2Epolicy Orchestrator Epolicy Orchestrator Agent Apr 29, 2026 Jul 22, 2013 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitra...Show more Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.Show less
CVE-2013-0141 1Mcafee 1Epolicy Orchestrator Apr 29, 2026 May 1, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication chann...Show more Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.Show less
CVE-2013-0140 1Mcafee 1Epolicy Orchestrator Apr 29, 2026 May 1, 2013 N/A· v4 N/A· v3 7.9 HIGH· v2 SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the...Show more SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.Show less
CVE-2012-5879 1Mcafee 2Epo Mcafee Virtual Technician Mcafee Virtual Technician Apr 29, 2026 Mar 28, 2013 N/A· v4 N/A· v3 8.2 HIGH· v2 An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
CVE-2012-4014 1Mcafee 1Email And Web Security Apr 29, 2026 Sep 25, 2012 N/A· v4 N/A· v3 7.8 HIGH· v2 Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors.
CVE-2010-5166 1Mcafee 1Total Protection 2010 Apr 29, 2026 Aug 25, 2012 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by sig...Show more Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to executeShow less
CVE-2012-4599 1Mcafee 1Smartfilter Administration Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attack...Show more McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file.Show less
CVE-2012-4598 1Mcafee 2Epo Mcafee Virtual Technician Mcafee Virtual Technician Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
CVE-2012-4597 1Mcafee 2Email And Web Security Email Gateway Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web...Show more Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.Show less
CVE-2012-4596 1Mcafee 1Email Gateway Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL.
CVE-2012-4595 1Mcafee 2Email And Web Security Email Gateway Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspeci...Show more McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.Show less
CVE-2012-4594 1Mcafee 1Epolicy Orchestrator Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 4.0 MEDIUM· v2 McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a...Show more McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.Show less
CVE-2012-4593 1Mcafee 2Application Control Change Control Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentica...Show more McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command.Show less
CVE-2012-4592 1Mcafee 1Enterprise Mobility Manager Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by int...Show more The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.Show less
CVE-2012-4591 1Mcafee 1Enterprise Mobility Manager Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information...Show more About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page.Show less
CVE-2012-4590 1Mcafee 1Enterprise Mobility Manager Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User...Show more Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable.Show less
CVE-2012-4589 1Mcafee 1Enterprise Mobility Manager Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by lev...Show more Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.Show less
CVE-2012-4588 1Mcafee 2Enterprise Mobility Manager Enterprise Mobility Manager Agent Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unl...Show more McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.Show less
CVE-2012-4587 1Mcafee 2Enterprise Mobility Manager Enterprise Mobility Manager Agent Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attacke...Show more McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.Show less
CVE-2012-4586 1Mcafee 2Email And Web Security Email Gateway Apr 29, 2026 Aug 22, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated...Show more McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.Show less

Previous 1...242526...31 Next