CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37025
https://notcve.org/view.php?id=CVE-2022-37025
18 Aug 2022 — An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file. Una vulnerabilidad de administración de privilegios inapropiada en McAfee Security Scan Plus (MSS+) versiones anteriores a 4.1.262.1 podría perm... • https://attack.mitre.org/techniques/T1218 • CWE-269: Improper Privilege Management •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-4028 – SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability
https://notcve.org/view.php?id=CVE-2017-4028
03 Apr 2018 — Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. Vulnerabilidad de registro maliciosamente configurado en todos los productos Microsoft Windows en productos para consumidores y empresas de McAfee permite que un administrador inyecte código arbitrario en un proceso McAffee depurado mediante la manipulación de parám... • http://www.securityfocus.com/bid/97958 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 1CVE-2017-3897 – McAfee Security Scan Plus - Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3897
01 Sep 2017 — A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. Una vulnerabilidad de inyección de código en el mecanismo de autenticación no basado en certificados en McAfee Live Safe en versiones anteriores a la 16.0.3 y McAfee Security Scan Plus (MSS+) en versiones anteriores a la 3.1... • https://www.exploit-db.com/exploits/44067 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8991
https://notcve.org/view.php?id=CVE-2015-8991
14 Mar 2017 — Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. Vulnerabilidad de ejecución de archivos maliciosos en Intel Security McAfee Security Scan+ (MSS+) en versiones anteriores a 3.11.266.3 permite a los atacantes hacer que el producto sea momentáneamente vulnerable a través ... • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8993
https://notcve.org/view.php?id=CVE-2015-8993
14 Mar 2017 — Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. Vulnerabilidad de ejecución de archivos maliciosos en Intel Security CloudAV (Beta) en versiones anteriores a 0.5.0.151.3 permite a atacantes hacer que el producto sea momentáneamente vulnerable a través de la ejecución de malware pre... • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8026
https://notcve.org/view.php?id=CVE-2016-8026
14 Mar 2017 — Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. Vulnerabilidad de ejecución de comandos arbitrarios en Intel Security McAfee Security Scan Plus (SSP) 3.11.469 y versiones anteriores permite a usuarios autenticados obtener privilegios elevados a través de vectores no especificados. • http://www.securityfocus.com/bid/98068 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8992
https://notcve.org/view.php?id=CVE-2015-8992
14 Mar 2017 — Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. Vulnerabilidad de ejecución de archivos maliciosos en Intel Security WebAdvisor en versiones anteriores a 4.0.2, 4.0.1 y 3.7.2 permite a atacantes hacer que el producto sea momentáneamente vulnerable a través de la ejecución de... • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8008
https://notcve.org/view.php?id=CVE-2016-8008
14 Mar 2017 — Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. Vulnerabilidad de escalada de privilegios en Windows 7 y Windows 10 en McAfee Security Scan Plus (SSP) 3.11.376 permite a atacantes cargar un reemplazo del archivo version.dll a través de McAfee McUICnt.exe en un sistema Windows. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593 • CWE-264: Permissions, Privileges, and Access Controls •