McAfee — Vulnerabilities & Security Advisories 106

Browse all 106 CVE security advisories affecting McAfee. AI-powered Chinese analysis, POCs, and references for each vulnerability.

McAfee operates as a prominent cybersecurity vendor, primarily providing endpoint protection and threat intelligence services to enterprise and consumer markets. Its software portfolio, encompassing antivirus solutions and network security appliances, has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These defects often stem from complex codebases and legacy components within its extensive suite of security tools. Notable incidents include significant data breaches affecting customer information and internal systems, highlighting risks associated with centralized security infrastructure. With over one hundred recorded Common Vulnerabilities and Exposures, the company faces ongoing scrutiny regarding its patch management and secure development practices. These recurring issues underscore the challenges inherent in maintaining robust security postures for large-scale, widely deployed enterprise software, necessitating rigorous third-party audits and continuous vulnerability remediation to mitigate potential exploitation by threat actors.

CVE ID	Title	CVSS	Severity	Published
CVE-2019-3640	Data Loss Prevention - Unprotected Transport of Credentials — Data Loss Prevention	4.8	Medium	2019-11-14
CVE-2019-3663	Advanced Threat Defense (ATD) - Unprotected storage of shared credentials vulnerability — Advanced Threat Defense (ATD)	9.8	Critical	2019-11-13
CVE-2019-3662	Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability — Advanced Threat Defense (ATD)	6.5	Medium	2019-11-13
CVE-2019-3661	Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') — Advanced Threat Defense (ATD)	8.1	High	2019-11-13
CVE-2019-3660	Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests — Advanced Threat Defense (ATD)	8.4	High	2019-11-13
CVE-2019-3650	Advanced Threat Defense (ATD) - Information Disclosure vulnerability — Advanced Threat Defense (ATD)	5.3	Medium	2019-11-13
CVE-2019-3651	Advanced Threat Defense (ATD) - Information Disclosure vulnerability — Advanced Threat Defense (ATD)	8.8	High	2019-11-13
CVE-2019-3649	Advanced Threat Defense (ATD) - Information Disclosure vulnerability — Advanced Threat Defense (ATD)	5.3	Medium	2019-11-13
CVE-2019-3638	Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability — Web Gateway(MWG)	8.1	High	2019-09-12
CVE-2019-3584	Exploitation of Authentication vulnerability — MVision Endpoint	6.0	-	2019-01-23
CVE-2019-3587	DLL Search Order Hijacking vulnerability — Total Protection (MTP)	6.5	-	2019-01-23
CVE-2019-3581	McAfee Web Gateway denial of service attack due to Improper Input Validation — McAfee Web GatewayCWE-20	7.5	-	2019-01-09
CVE-2018-6668	Bypass Application Control with simple DLL — Application and Change Control	8.4	-	2018-12-31
CVE-2018-6669	Bypass Application Control through an ASP.NET form — Application and Change Control	8.3	-	2018-12-20
CVE-2018-6707	McAfee Agent Insecure usage of temporary files vulnerability — McAfee Agent (MA) non-Windows non-Windows versions	7.0	-	2018-12-13
CVE-2018-6706	McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability — McAfee Agent (MA) for LinuxCWE-377	6.2	-	2018-12-12
CVE-2018-6704	McAfee Agent for Linux Privilege Escalation vulnerability — McAfee Agent (MA) for LinuxCWE-377	7.8	-	2018-12-12
CVE-2018-6705	McAfee Agent (MA) for Linux Privilege Escalation vulnerability — McAfee Agent (MA) for LinuxCWE-377	7.8	-	2018-12-12
CVE-2018-6755	True Key (TK) Windows Client - Weak Directory Permission Vulnerability — True Key	7.8	-	2018-12-06
CVE-2018-6756	True Key (TK) Windows Client - Authentication Abuse vulnerability — True Key	7.8	-	2018-12-06
CVE-2018-6757	True Key (TK) Windows Client - Privilege Escalation vulnerability — True Key	7.8	-	2018-12-06
CVE-2018-6695	Threat Intelligence Exchange Server (TIE Server) SSH host keys generation vulnerability — Threat Intelligence Exchange Server (TIE Server)	5.9	-	2018-10-03
CVE-2018-6689	Data Loss Prevention Endpoint (DLPe) - Authentication Bypass vulnerability — Data Loss Prevention Endpoint (DLPe)	7.8	-	2018-10-03
CVE-2018-6700	True Key (TK) - DLL Search Order Hijacking vulnerability — True Key (TK)	7.8	-	2018-09-24
CVE-2018-6682	True Key (TK) - Cross Site Scripting Exposure — True Key (TK)	5.4	-	2018-09-24
CVE-2017-3912	McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass — McAfee Application Control and Change Control (MACC)CWE-274	7.8	-	2018-09-18
CVE-2018-6690	McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC — McAfee Application Control (MAC)	7.8	-	2018-09-18
CVE-2018-6693	Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability — Endpoint Security for Linux Threat Prevention (ENSLTP)CWE-363	6.3	-	2018-09-18
CVE-2018-6686	Drive Encryption (MDE) - Authentication Bypass vulnerability — Drive Encryption (MDE)	6.6	-	2018-07-27
CVE-2018-6683	- Data Loss Prevention (DLP) for Windows - Exploiting Incorrectly Configured Access Control Security Levels vulnerability — Data Loss Prevention (DLP) for Windows	7.4	-	2018-07-23

This page lists every published CVE security advisory associated with McAfee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

McAfee — Vulnerabilities & Security Advisories 106