CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-6704 – McAfee Agent for Linux Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2018-6704
12 Dec 2018 — Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. Vulnerabilidad de escalado de privilegios en McAfee Agent (MA) para Linux, desde la versión 5.0.0 hasta la 5.0.6, 5.5.0 y la 5.5.1, permite que usuarios locales ejecuten comandos arbitrarios mediante condiciones específicas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10259 • CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2018-6703 – Remote Logging functionality had a use after free vulnerability in McAfee Agent
https://notcve.org/view.php?id=CVE-2018-6703
11 Dec 2018 — Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. Un uso de memoria previamente liberada en el inicio de sesión remoto (deshabilitado por defecto) en McAfee Agent (MA), en las versiones 5.x anteriores a la 5.60, permite a los atacantes remotos no autenticados provocar una dene... • https://kc.mcafee.com/corporate/index?page=content&id=SB10258 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18817
https://notcve.org/view.php?id=CVE-2018-18817
30 Oct 2018 — The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Leostream Agent en versiones anteriores a la Build 7.0.1.0 al emplearse con Leostream Connection Broker 8.2.72 o anteriores permite que atacantes remotos modifiquen las claves de registro mediante la API Leostream Agent. • https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8987
https://notcve.org/view.php?id=CVE-2015-8987
14 Mar 2017 — Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. Vulnerabilidad de ataque Man-in-the-middle (MitM) en los agentes de SO que no son de Mac en McAfee (ahora Intel Security) Agent (MA) 4.8.0 parche 2 y versiones anteriores permite a atacantes hacer que un McAfee Agent hable con otro servidor ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10101 • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
08 Apr 2016 — The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.152... • https://www.exploit-db.com/exploits/39531 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3627
https://notcve.org/view.php?id=CVE-2013-3627
05 Oct 2013 — FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request. FrameworkService.exe en McAfee Framework Service de McAfee Managed Agent (MA) anterior a la versión 4.5.0.1927 y 4.6 anterior a 4.6.0.3258 permite a atacantes remotos provocar una denegación de servicio (cuelgue del servicio) a través de peticiones HTTP malformadas. • http://www.kb.cert.org/vuls/id/613886 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 30%CPEs: 9EXPL: 3CVE-2008-1357 – McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String
https://notcve.org/view.php?id=CVE-2008-1357
17 Mar 2008 — Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. Vulnerabilidad en el formato de cadena en la función logDetail de applib.dlld en McAfee... • https://www.exploit-db.com/exploits/31399 • CWE-134: Use of Externally-Controlled Format String •