Mcafee: Security Vulnerabilities
Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory.
CVSS Score
7.2
EPSS Score
0.001
Published
2019-07-18
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
CVSS Score
6.8
EPSS Score
0.002
Published
2019-07-03
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
CVSS Score
8.3
EPSS Score
0.014
Published
2019-06-27
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
CVSS Score
8.0
EPSS Score
0.017
Published
2019-06-27
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
CVSS Score
8.0
EPSS Score
0.017
Published
2019-06-27
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.
CVSS Score
8.5
EPSS Score
0.019
Published
2019-06-27
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.
CVSS Score
7.5
EPSS Score
0.008
Published
2019-06-27
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-15
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-05-15
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS Score
7.5
EPSS Score
0.001
Published
2019-04-23