CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34405
https://notcve.org/view.php?id=CVE-2024-34405
11 Jun 2024 — Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. Validación inadecuada de enlaces profundos en McAfee Security: Antivirus VPN para Android anterior a 8.3.0 podría permitir a un atacante iniciar una URL arbitraria dentro de la aplicación. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-5445
https://notcve.org/view.php?id=CVE-2023-5445
17 Nov 2023 — An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. Una vulnerabilidad de redireccionamiento abierto en ePolic... • https://kcm.trellix.com/corporate/index?page=content&id=SB10410 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-5444 – CSRF in ePO leading to privilege escalation
https://notcve.org/view.php?id=CVE-2023-5444
17 Nov 2023 — A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. Una vulnerabilidad de Cross Site Request Forgery en ePolicy Orchestrator anterior a 5.10.0 CP1 Actualización 2 permite a un usuario re... • https://kcm.trellix.com/agent/index?page=content&id=SB10410 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40352 – McAfee Safe Connect VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-40352
21 Aug 2023 — McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. McAfee Safe Connect anterior a la versión 2.16.1.126 puede permitir a un adversario con privilegios de sistema conseguir una escalada de privilegios cargando DLLs arbitrarias. This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Safe Connect VPN. An attacker must first obtain the ability to execute low-privileged code o... • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.4EPSS: 0%CPEs: 19EXPL: 0CVE-2023-3946
https://notcve.org/view.php?id=CVE-2023-3946
26 Jul 2023 — A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. • https://kcm.trellix.com/corporate/index?page=content&id=SB10402 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25134
https://notcve.org/view.php?id=CVE-2023-25134
21 Mar 2023 — McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0978
https://notcve.org/view.php?id=CVE-2023-0978
13 Mar 2023 — A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack • https://kcm.trellix.com/corporate/index?page=content&id=SB10397 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24577
https://notcve.org/view.php?id=CVE-2023-24577
13 Mar 2023 — McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24579
https://notcve.org/view.php?id=CVE-2023-24579
13 Mar 2023 — McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24578
https://notcve.org/view.php?id=CVE-2023-24578
13 Mar 2023 — McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-427: Uncontrolled Search Path Element •