CVE-2016-3969
https://notcve.org/view.php?id=CVE-2016-3969
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. • http://www.securitytracker.com/id/1035470 https://kc.mcafee.com/corporate/index?page=content&id=SB10153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-2199
https://notcve.org/view.php?id=CVE-2016-2199
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. • https://kc.mcafee.com/corporate/index?page=content&id=SB10147 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-8773
https://notcve.org/view.php?id=CVE-2015-8773
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call. • http://seclists.org/fulldisclosure/2016/Jan/92 https://www.nettitude.co.uk/mcafee-file-lock-driver-kernel-stack-based-bof • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-8772
https://notcve.org/view.php?id=CVE-2015-8772
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. • http://seclists.org/fulldisclosure/2016/Jan/90 https://www.nettitude.co.uk/mcafee-file-lock-driver-kernel-memory-leak • CWE-19: Data Processing Errors •