Page 3 of 22 results (0.018 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. Vulnerabilidad de elusión de autenticación por datos supuestos inmutables en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a atacantes remotos no autenticados eludir autenticación del servidor través de una cookie de autenticación manipulada. McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/40911 http://www.securityfocus.com/bid/94823 http://www.securitytracker.com/id/1037433 https://kc.mcafee.com/corporate/index?page=content&id=SB10181 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. Vulnerabilidad de verificación inapropiada de firma criptográfica en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a usuarios remotos autenticados suplantar el servidor de actualización y ejecutar código arbitrario a través de un archivo de entrada manipulado. McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/40911 http://www.securityfocus.com/bid/94823 http://www.securitytracker.com/id/1037433 https://kc.mcafee.com/corporate/index?page=content&id=SB10181 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 2

Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. Exposición de información en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos autenticados obtener la existencia de archivos no autorizados en el sistema a través de un parámetro de URL. McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/40911 https://github.com/opsxcq/exploit-CVE-2016-8016-25 http://www.securityfocus.com/bid/94823 http://www.securitytracker.com/id/1037433 https://kc.mcafee.com/corporate/index?page=content&id=SB10181 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. El McAfee VirusScan Console (mcconsol.exe) en McAfee Active Response (MAR) en versiones anteriores a 1.1.0.161, Agent (MA) 5.x en versiones anteriores a 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) en versiones anteriores a 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Device Control (MDC) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Endpoint Security (ENS) 10.x en versiones anteriores a 10.1, Host Intrusion Prevention Service (IPS) 8.0 en versiones anteriores a 8.0.0.3624 y VirusScan Enterprise (VSE) 8.8 en versiones anteriores a P7 (8.8.0.1528) en Windows permite a administradores locales eludir las reglas destinadas a la autoprotección y desactivar el motor del antivirus modificando claves de registro. • https://www.exploit-db.com/exploits/39531 http://lab.mediaservice.net/advisory/2016-01-mcafee.txt http://seclists.org/fulldisclosure/2016/Mar/13 http://www.securitytracker.com/id/1035130 https://kc.mcafee.com/corporate/index?page=content&id=SB10151 • CWE-284: Improper Access Control •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. La funcionalidad Buffer Overflow Protection (BOP) en McAfee VirusScan Enterprise en versiones anteriores a 8.8 Patch 6 asigna la memoria con permisos Read, Write, Execute (RWX) en direcciones predecibles en plataformas de 32-bits cuando está protegiendo otra aplicación, lo que permite a atacantes eludir los mecanismos de protección DEP y ASLR a través de vectores no especificados. • http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations http://www.securityfocus.com/bid/78810 https://kc.mcafee.com/corporate/index?page=content&id=SB10142 • CWE-264: Permissions, Privileges, and Access Controls •