CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8987
https://notcve.org/view.php?id=CVE-2015-8987
14 Mar 2017 — Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. Vulnerabilidad de ataque Man-in-the-middle (MitM) en los agentes de SO que no son de Mac en McAfee (ahora Intel Security) Agent (MA) 4.8.0 parche 2 y versiones anteriores permite a atacantes hacer que un McAfee Agent hable con otro servidor ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10101 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3896
https://notcve.org/view.php?id=CVE-2017-3896
13 Feb 2017 — Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. Vulnerabilidad de parámetro no válido en la capacidad de visualización de inicio de sesión remoto en Intel Security McAfee Agent 5.0.x versiones anteriores a 5.0.4.449 permite a atacantes remotos pasar parámetros de entrada inesperados a través de una URL que no fue co... • http://www.securityfocus.com/bid/95903 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 12%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
08 Apr 2016 — The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.152... • https://www.exploit-db.com/exploits/39531 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7237
https://notcve.org/view.php?id=CVE-2015-7237
18 Sep 2015 — Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en salto de directorio en la funcionalidad de visualización de registro remoto en McAfee Agent (MA) 5.x en versiones anteriores a 5.0.2, permite a atacantes remotos obtener información sensible a través de vectores no especificados . • http://www.securitytracker.com/id/1033450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2053
https://notcve.org/view.php?id=CVE-2015-2053
23 Feb 2015 — The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. El visor de registros en McAfee Agent (MA) anterior a 4.8.0 Patch 3 y 5.0.0, cuando la opción 'Aceptar conexiones exclusivamente del servidor ePO' está habilitada, permite a atacantes remotos realizar ataques de clickjacking a través de u... • http://www.securityfocus.com/bid/74873 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3627
https://notcve.org/view.php?id=CVE-2013-3627
05 Oct 2013 — FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request. FrameworkService.exe en McAfee Framework Service de McAfee Managed Agent (MA) anterior a la versión 4.5.0.1927 y 4.6 anterior a 4.6.0.3258 permite a atacantes remotos provocar una denegación de servicio (cuelgue del servicio) a través de peticiones HTTP malformadas. • http://www.kb.cert.org/vuls/id/613886 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2013-4882 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4882
21 Jul 2013 — Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. Vulnerabilidad de inyección SQL en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension (ePO) para McAfee ... • https://www.exploit-db.com/exploits/26807 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 3%CPEs: 9EXPL: 1CVE-2013-4883 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4883
21 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or ... • https://www.exploit-db.com/exploits/26807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •