Mcafee Virusscan Enterprise vulnerabilities
28 known vulnerabilities affecting mcafee/virusscan_enterprise.
Total CVEs
28
CISA KEV
0
Public exploits
13
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH11MEDIUM10LOW6
Vulnerabilities
Page 1 of 2
CVE-2016-8023P2HIGHCVSS 8.1PoC≤ 2.0.32017-03-14
CVE-2016-8023 [HIGH] CWE-287 CVE-2016-8023: Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
nvd
CVE-2016-8022P2HIGHCVSS 7.5PoC≤ 2.0.32017-03-14
CVE-2016-8022 [HIGH] CWE-287 CVE-2016-8022: Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL)
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
nvd
CVE-2016-8024P3HIGHCVSS 8.1PoC≤ 2.0.32017-03-14
CVE-2016-8024 [HIGH] CWE-113 CVE-2016-8024: Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
nvd
CVE-2016-8020P3HIGHCVSS 8.0PoC≤ 2.0.32017-03-14
CVE-2016-8020 [HIGH] CWE-94 CVE-2016-8020: Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (V
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
nvd
CVE-2016-8025P3MEDIUMCVSS 6.2PoC≤ 2.0.32017-03-14
CVE-2016-8025 [MEDIUM] CWE-89 CVE-2016-8025: SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
nvd
CVE-2016-8019P3MEDIUMCVSS 6.1PoC≤ 2.0.32017-03-14
CVE-2016-8019 [MEDIUM] CWE-79 CVE-2016-8019: Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
nvd
CVE-2016-8021P4MEDIUMCVSS 5.0PoC≤ 2.0.32017-03-14
CVE-2016-8021 [MEDIUM] CWE-347 CVE-2016-8021: Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterpris
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
nvd
CVE-2016-8017P4MEDIUMCVSS 4.1PoC≤ 2.0.32017-03-14
CVE-2016-8017 [MEDIUM] CWE-20 CVE-2016-8017: Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (a
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
nvd
CVE-2005-4505P4HIGHCVSS 7.2PoCv8.0i2005-12-23
CVE-2005-4505 [HIGH] CVE-2005-4505: Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
nvd
CVE-2016-3984P4MEDIUMCVSS 5.1PoC≤ 8.8.02016-04-08
CVE-2016-3984 [MEDIUM] CWE-284 CVE-2016-3984: The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, En
nvd
CVE-2016-8018P4MEDIUMCVSS 4.3PoC≤ 2.0.32017-03-14
CVE-2016-8018 [MEDIUM] CWE-352 CVE-2016-8018: Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL)
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
nvd
CVE-2016-8016P4LOWCVSS 3.4PoC≤ 2.0.32017-03-14
CVE-2016-8016 [LOW] CWE-200 CVE-2016-8016: Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
nvd
CVE-2009-5118P3CRITICALCVSS 9.3≤ 8.5iv8.0i2012-08-22
CVE-2009-5118 [CRITICAL] CVE-2009-5118: Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.
nvd
CVE-2010-3496P3MEDIUMCVSS 6.4v8.5iv8.7i2012-08-22
CVE-2010-3496 [MEDIUM] CWE-264 CVE-2010-3496: McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// U
McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
nvd
CVE-2020-7280P3HIGHCVSS 7.8v8.82020-06-10
CVE-2020-7280 [HIGH] CWE-269 CVE-2020-7280: Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.
nvd
CVE-2020-7267P3HIGHCVSS 8.4v8.82020-05-08
CVE-2020-7267 [HIGH] CWE-274 CVE-2020-7267: Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hot
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the targ
nvd
CVE-2020-7266P3HIGHCVSS 8.4≥ 1.9.0, < 1.9.2≥ 2.0.0, < 2.0.32020-05-08
CVE-2020-7266 [HIGH] CWE-274 CVE-2020-7266: Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Pat
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on
nvd
CVE-2019-3585P3HIGHCVSS 7.8v8.82020-06-10
CVE-2019-3585 [HIGH] CWE-269 CVE-2019-3585: Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Ente
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.
nvd
CVE-2016-4534P4LOWCVSS 3.0PoCv8.8.02016-05-05
CVE-2016-4534 [LOW] CWE-264 CVE-2016-4534: The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 11235
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
nvd
CVE-2007-2152P4HIGHCVSS 7.9≤ 8.0i2007-04-19
CVE-2007-2152 [HIGH] CVE-2007-2152: Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.
nvd
1 / 2Next →