Export limit exceeded: 338277 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75956 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75956 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-11-21 | 8 High |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | ||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 8.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | ||||
| CVE-2019-3660 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 8.4 High |
| Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | ||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 8.8 High |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | ||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-11-21 | 7.5 High |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | ||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 8.1 High |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | ||||
| CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-11-21 | 7.5 High |
| A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | ||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 8.8 High |
| Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | ||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 8.8 High |
| Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | ||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 8.2 High |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | ||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | ||||
| CVE-2019-3599 | 1 Mcafee | 1 Agent | 2024-11-21 | 7.5 High |
| Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | ||||
| CVE-2019-3586 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.5 High |
| Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection. | ||||
| CVE-2019-3585 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 7 High |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | ||||
| CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 High |
| HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | ||||
| CVE-2019-3565 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. | ||||
| CVE-2019-3564 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. | ||||
| CVE-2019-3559 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | ||||