CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-6703 – Remote Logging functionality had a use after free vulnerability in McAfee Agent
https://notcve.org/view.php?id=CVE-2018-6703
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. Un uso de memoria previamente liberada en el inicio de sesión remoto (deshabilitado por defecto) en McAfee Agent (MA), en las versiones 5.x anteriores a la 5.60, permite a los atacantes remotos no autenticados provocar una denegación de servicio (DoS) y, potencialmente, una ejecución remota de código mediante una cabecera HTTP especialmente manipulada enviada al servicio de inicio de sesión • https://kc.mcafee.com/corporate/index?page=content&id=SB10258 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18817
https://notcve.org/view.php?id=CVE-2018-18817
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Leostream Agent en versiones anteriores a la Build 7.0.1.0 al emplearse con Leostream Connection Broker 8.2.72 o anteriores permite que atacantes remotos modifiquen las claves de registro mediante la API Leostream Agent. • https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. El McAfee VirusScan Console (mcconsol.exe) en McAfee Active Response (MAR) en versiones anteriores a 1.1.0.161, Agent (MA) 5.x en versiones anteriores a 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) en versiones anteriores a 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Device Control (MDC) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Endpoint Security (ENS) 10.x en versiones anteriores a 10.1, Host Intrusion Prevention Service (IPS) 8.0 en versiones anteriores a 8.0.0.3624 y VirusScan Enterprise (VSE) 8.8 en versiones anteriores a P7 (8.8.0.1528) en Windows permite a administradores locales eludir las reglas destinadas a la autoprotección y desactivar el motor del antivirus modificando claves de registro. • https://www.exploit-db.com/exploits/39531 http://lab.mediaservice.net/advisory/2016-01-mcafee.txt http://seclists.org/fulldisclosure/2016/Mar/13 http://www.securitytracker.com/id/1035130 https://kc.mcafee.com/corporate/index?page=content&id=SB10151 • CWE-284: Improper Access Control •