Filtered by vendor Mcafee
Subscriptions
Total
606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3712 | 8 Debian, Mcafee, Netapp and 5 more | 36 Debian Linux, Epolicy Orchestrator, Clustered Data Ontap and 33 more | 2026-04-16 | 7.4 High |
| ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). | ||||
| CVE-2021-23840 | 8 Debian, Fujitsu, Mcafee and 5 more | 31 Debian Linux, M10-1, M10-1 Firmware and 28 more | 2026-04-16 | 7.5 High |
| Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | ||||
| CVE-2004-1906 | 1 Mcafee | 1 Freescan | 2026-04-16 | N/A |
| Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. | ||||
| CVE-2005-2186 | 1 Mcafee | 1 Intrushield Security Management System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. | ||||
| CVE-2001-0612 | 1 Mcafee | 1 Remote Desktop 32 | 2026-04-16 | N/A |
| McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. | ||||
| CVE-2005-0644 | 1 Mcafee | 1 Antivirus Engine | 2026-04-16 | N/A |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. | ||||
| CVE-2006-0559 | 1 Mcafee | 1 Webshield Smtp | 2026-04-16 | N/A |
| Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. | ||||
| CVE-2005-3377 | 1 Mcafee | 1 Internet Security Suite | 2026-04-16 | N/A |
| Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2006-0982 | 1 Mcafee | 1 Virex | 2026-04-16 | N/A |
| The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file. | ||||
| CVE-2004-0932 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2026-04-16 | N/A |
| McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | ||||
| CVE-2005-3657 | 1 Mcafee | 2 Mcinsctl.dll, Virusscan Security Center | 2026-04-16 | N/A |
| The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object. | ||||
| CVE-2005-4505 | 1 Mcafee | 2 Common Management Agent, Virusscan Enterprise | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. | ||||
| CVE-2006-3575 | 1 Mcafee | 1 Virusscan | 2026-04-16 | N/A |
| Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields. | ||||
| CVE-2004-0038 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. | ||||
| CVE-2003-0148 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | ||||
| CVE-2006-3961 | 1 Mcafee | 9 Antispyware, Internet Security Suite, Personal Firewall Plus and 6 more | 2026-04-16 | N/A |
| Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. | ||||
| CVE-2005-1107 | 1 Mcafee | 1 Internet Security Suite | 2026-04-16 | N/A |
| McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. | ||||
| CVE-2005-2187 | 1 Mcafee | 1 Intrushield Security Management System | 2026-04-16 | N/A |
| McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | ||||
| CVE-2004-1908 | 1 Mcafee | 1 Freescan | 2026-04-16 | N/A |
| McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters. | ||||
| CVE-2005-0643 | 1 Mcafee | 1 Antivirus Engine | 2026-04-16 | N/A |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | ||||