CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-6756 – True Key (TK) Windows Client - Authentication Abuse vulnerability
https://notcve.org/view.php?id=CVE-2018-6756
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. Vulnerabilidad de abuso de autenticación en Microsoft Windows Client en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten comandos no autorizados mediante malware especialmente manipulado. McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories. • https://www.exploit-db.com/exploits/45961 http://service.mcafee.com/FAQDocument.aspx?&id=TS102872 •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. • http://seclists.org/fulldisclosure/2019/Mar/49 http://www.securityfocus.com/bid/106145 http://www.securitytracker.com/id/1042181 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0109 https://access.redhat.com/errata/RHSA-2019:1790 https://access.redhat.com/errata/RHSA-2019:1942 https://access.redhat.com/errata/RHSA-2019:2400 https:&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6695 – Threat Intelligence Exchange Server (TIE Server) SSH host keys generation vulnerability
https://notcve.org/view.php?id=CVE-2018-6695
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment. Vulnerabilidad de generación de claves de host SSH en el servidor en McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x y 2.2.0 permite que atacantes Man-in-the-Middle (MitM) suplanten servidores mediante la adquisición de claves de otro entorno. • https://kc.mcafee.com/corporate/index?page=content&id=SB10253 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6689 – Data Loss Prevention Endpoint (DLPe) - Authentication Bypass vulnerability
https://notcve.org/view.php?id=CVE-2018-6689
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. Vulnerabilidad de omisión de autenticación en McAfee Data Loss Prevention Endpoint (DLPe) en versiones 10.0.x anteriores a la 10.0.510 y versiones 11.0.x anteriores a la 11.0.600 permite que los atacantes omitan la protección local de seguridad mediante condiciones específicas. • http://www.securitytracker.com/id/1041908 https://kc.mcafee.com/corporate/index?page=content&id=SB10252 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6700 – True Key (TK) - DLL Search Order Hijacking vulnerability
https://notcve.org/view.php?id=CVE-2018-6700
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. Vulnerabilidad de secuestro de orden de búsqueda de DLL en Microsoft Windows Client en McAfee True Key (TK) en versiones anteriores a la 5.1.165 permite que usuarios locales ejecuten código arbitrario mediante malware especialmente manipulado. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846 • CWE-426: Untrusted Search Path •