Export limit exceeded: 334049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75075 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-11-21 | 7.5 High |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | ||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 8.1 High |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | ||||
| CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-11-21 | 7.5 High |
| A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | ||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 8.8 High |
| Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | ||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 8.8 High |
| Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | ||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 8.2 High |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | ||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | ||||
| CVE-2019-3599 | 1 Mcafee | 1 Agent | 2024-11-21 | 7.5 High |
| Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | ||||
| CVE-2019-3586 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.5 High |
| Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection. | ||||
| CVE-2019-3585 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 7 High |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | ||||
| CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 High |
| HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | ||||
| CVE-2019-3565 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. | ||||
| CVE-2019-3564 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. | ||||
| CVE-2019-3559 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | ||||
| CVE-2019-3558 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | ||||
| CVE-2019-3556 | 1 Facebook | 1 Hhvm | 2024-11-21 | 8.1 High |
| HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. | ||||
| CVE-2019-3553 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. | ||||
| CVE-2019-3552 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | ||||