CVSS: 6.7EPSS: 0%CPEs: 17EXPL: 0CVE-2020-7337 – Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2020-7337
09 Dec 2020 — Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. Una vulnerabilidad de Asignación de Permisos Incorrecta de Recursos Críticos en McAfee VirusScan Enterprise (VSE) versiones anteriores a 8.8 Parche 16 permite a administradores locales o... • https://kc.mcafee.com/corporate/index?page=content&id=SB10338 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-7280 – Symbolic Link vulnerability during DAT update
https://notcve.org/view.php?id=CVE-2020-7280
10 Jun 2020 — Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. Una vulnerabilidad de escalada de privilegios durante las actualizaciones de DAT diarias cuando se usa McAfee Virus Scan Enterprise (VSE) versiones anteriores a 8.8 Parche 15, permite a usuarios locales ca... • https://kc.mcafee.com/corporate/index?page=content&id=SB10302 • CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0CVE-2019-3588 – Using VSE to bypass Windows Credentials on Lock screen
https://notcve.org/view.php?id=CVE-2019-3588
10 Jun 2020 — Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. Una vulnerabilidad de Escalada de Privilegios en el cliente (McTray.exe) de Microsoft Windows en McAfee VirusScan Enterprise (VSE) versión 8.8 anterior al Parche 14 puede permitir que usuarios no autorizados interactúen con On-Access Scan M... • https://kc.mcafee.com/corporate/index?page=content&id=SB10302 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-3585 – VSE Escalation of Privileges through Alert pop-up window
https://notcve.org/view.php?id=CVE-2019-3585
10 Jun 2020 — Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. Una vulnerabilidad de Escalada de Privilegios en el cliente (McTray.exe) de Microsoft Windows en McAfee VirusScan Enterprise (VSE) versión 8.8 anterior al parche 14 puede permitir que los usuarios locales interact... • https://kc.mcafee.com/corporate/index?page=content&id=SB10302 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-7267 – Privilege Escalation vulnerability through symbolic links in VSEL
https://notcve.org/view.php?id=CVE-2020-7267
08 May 2020 — Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee VirusScan Enterprise (VSE) para Linux versiones anteriores a 2.0.3 Hotfix 2635000, permit... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6674 – Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges
https://notcve.org/view.php?id=CVE-2018-6674
25 May 2018 — Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). Vulnerabilidad de escalada de privilegios en el cliente (McTray.exe) de Microsoft Windows en VirusScan Enterprise (VSE) de McAfee versión 8.8 anterior a parche 13, permite a los ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10237 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8030
https://notcve.org/view.php?id=CVE-2016-8030
25 Apr 2017 — A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. Una vulnerabilidad de corrupción de memoria en el objeto Scriptscan COM en McAfee VirusScan Enterprise 8.8 El parche 8 y versiones anteriores permite a los atacantes remotos crear una denegación de servicio en la pestaña activa de Internet Explorer a través de un enlace HTML. • http://www.securityfocus.com/bid/98041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.0EPSS: 1%CPEs: 2EXPL: 4CVE-2016-4534 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-4534
05 May 2016 — The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. La McAfee VirusScan Console (mcconsol.exe) en McAfee VirusScan Enterprise 8.8.0 en versiones anteriores a Hotfix 1123565 (8.8.0.1546) sobre Windows permite a administradores locales eludir reglas destinadas a la autoprotección y desbloquear la ventana de co... • https://www.exploit-db.com/exploits/39531 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
08 Apr 2016 — The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.152... • https://www.exploit-db.com/exploits/39531 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8577
https://notcve.org/view.php?id=CVE-2015-8577
16 Dec 2015 — The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. La funcionalidad Buffer Overflow Protection (BOP) en McAfee VirusScan Enterprise en versiones anteriores a 8.8 Patch 6 asigna la memoria con permisos Read, Write, Execute (RWX) ... • http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations • CWE-264: Permissions, Privileges, and Access Controls •