CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0978
https://notcve.org/view.php?id=CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack • https://kcm.trellix.com/corporate/index?page=content&id=SB10397 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24577
https://notcve.org/view.php?id=CVE-2023-24577
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24578
https://notcve.org/view.php?id=CVE-2023-24578
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24579
https://notcve.org/view.php?id=CVE-2023-24579
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0221
https://notcve.org/view.php?id=CVE-2023-0221
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. • https://kcm.trellix.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management •