Vulnerabilities (CVE)

Filtered by vendor Mcafee Subscribe
Total 603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1838 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2014-8518 1 Mcafee 2 Endpoint Encryption For Files And Folders, File And Removable Media Protection 2025-04-12 2.1 LOW N/A
The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack.
CVE-2016-1833 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2015-1305 2 Mcafee, Microsoft 2 Data Loss Prevention Endpoint, Windows Xp 2025-04-12 6.9 MEDIUM N/A
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.
CVE-2015-2758 1 Mcafee 1 Data Loss Prevention Endpoint 2025-04-12 6.5 MEDIUM N/A
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL.
CVE-2014-8525 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 5.0 MEDIUM N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2016-1839 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2014-8537 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 2.1 LOW N/A
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.
CVE-2014-8529 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 2.1 LOW N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2014-8534 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 2.1 LOW N/A
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.
CVE-2015-1619 1 Mcafee 1 Email Gateway 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages.
CVE-2016-4472 4 Canonical, Libexpat Project, Mcafee and 1 more 4 Ubuntu Linux, Libexpat, Policy Auditor and 1 more 2025-04-12 6.8 MEDIUM 8.1 HIGH
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2014-8523 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-8528 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 2.1 LOW N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log.
CVE-2016-1715 2 Mcafee, Microsoft 2 Application Control, Windows 2025-04-12 5.5 MEDIUM 6.6 MEDIUM
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location.
CVE-2015-8773 1 Mcafee 1 File Lock 2025-04-12 7.8 HIGH 7.5 HIGH
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.
CVE-2016-4535 1 Mcafee 1 Livesafe 2025-04-12 7.8 HIGH 7.5 HIGH
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.
CVE-2015-8577 1 Mcafee 1 Virusscan Enterprise 2025-04-12 2.6 LOW N/A
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
CVE-2014-8521 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8522 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 7.5 HIGH N/A
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.