CVSS: 8.1EPSS: 11%CPEs: 1EXPL: 2CVE-2016-8023 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8023
14 Dec 2016 — Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. Vulnerabilidad de elusión de autenticación por datos supuestos inmutables en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a atacantes remotos no autenticados eludir autenticación del servidor través de una cookie de autenticaci... • https://packetstorm.news/files/id/140147 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 9%CPEs: 1EXPL: 2CVE-2016-8024 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8024
14 Dec 2016 — Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. Vulnerabilidad de neutralización inapropiada de secuencias CRLF en cabeceras HTTP en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a atacantes remotos no autenticados obtener información sensible a través de la supla... • https://packetstorm.news/files/id/140147 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.2EPSS: 1%CPEs: 1EXPL: 2CVE-2016-8025 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8025
14 Dec 2016 — SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. Vulnerabilidad de inyección SQL en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a usuarios remotos autenticados obtener información del producto a través del parámetro de petición HTTP manipulado. McAfee Virus Scan Enterprise for Linux suffers from a remote code exec... • https://packetstorm.news/files/id/140147 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
08 Apr 2016 — The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.152... • https://www.exploit-db.com/exploits/39531 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8577
https://notcve.org/view.php?id=CVE-2015-8577
16 Dec 2015 — The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. La funcionalidad Buffer Overflow Protection (BOP) en McAfee VirusScan Enterprise en versiones anteriores a 8.8 Patch 6 asigna la memoria con permisos Read, Write, Execute (RWX) ... • http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2010-5143
https://notcve.org/view.php?id=CVE-2010-5143
22 Aug 2012 — McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. McAfee VirusScan Enterprise antes de v8.8 permite a los usuarios locales desactivar el producto aprovechándose de privilegios de administrador para ejecutar un módulo de Metasploit Framework no especificado. • https://kc.mcafee.com/corporate/index?page=content&id=SB10014 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-5118
https://notcve.org/view.php?id=CVE-2009-5118
22 Aug 2012 — Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. Vulnerabilidad de path de búsqueda no confiable en McAfee VirusScan Enterprise before v8.7i permite a usuarios locales obtener privilegios a través de una DLL troyanizada en un directorio no especificado, como se demostró escaneando un documento que estaba en un recurso compar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/78448 •
CVSS: 9.8EPSS: 22%CPEs: 1EXPL: 0CVE-2007-2152
https://notcve.org/view.php?id=CVE-2007-2152
19 Apr 2007 — Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. Desbordamiento de búfer en On-Access Scanner de McAfee VirusScan Enterprise versiones anteriores a 8.0i Patch 12, permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un nombre de fichero largo conteniendo caracteres multi-byte (Unicode). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=515 •