Mcafee Common Management Agent vulnerabilities

5 known vulnerabilities affecting mcafee/common_management_agent.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2009-5115MEDIUMCVSS 6.5v3.5.5.438v3.5.5.568+10 more2012-08-22
CVE-2009-5115 [MEDIUM] CWE-264 CVE-2009-5115: McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object.
nvd
CVE-2006-5273HIGHCVSS 7.6≤ 3.6.0.453v3.6.0.4382007-07-12
CVE-2006-5273 [HIGH] CVE-2006-5273: Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 a Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.
nvd
CVE-2006-5272HIGHCVSS 7.5≤ 3.6.0.4532007-07-12
CVE-2006-5272 [HIGH] CVE-2006-5272: Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.
nvd
CVE-2006-5274HIGHCVSS 7.6v3.6.0.4382007-07-12
CVE-2006-5274 [HIGH] CVE-2006-5274: Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, an Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
nvd
CVE-2005-4505HIGHCVSS 7.2PoCv3.52005-12-23
CVE-2005-4505 [HIGH] CVE-2005-4505: Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3. Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
nvd