CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25134
https://notcve.org/view.php?id=CVE-2023-25134
21 Mar 2023 — McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24577
https://notcve.org/view.php?id=CVE-2023-24577
13 Mar 2023 — McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24578
https://notcve.org/view.php?id=CVE-2023-24578
13 Mar 2023 — McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24579
https://notcve.org/view.php?id=CVE-2023-24579
13 Mar 2023 — McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43751
https://notcve.org/view.php?id=CVE-2022-43751
22 Nov 2022 — McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. McAfee Total Protection anterior a la versión 16.0.49 contiene una vulnerabilidad de elemento de ruta de búsqueda no controlada debido al uso de una variable que apunta a un subdirectorio que puede ser co... • https://mcafee.com • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0280 – McAfee Total Protection (MTP) - File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2022-0280
10 Mar 2022 — A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. Se presenta una vulnerabilidad de condición de carrera en la función QuickClean de McAfee Total Protection para Windows vers... • https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23877 – McAfee Total Protection (MTP) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-23877
26 Oct 2021 — Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. Una vulnerabilidad de escalada de privilegios en el instalador de prueba de Windows de McAfee Total Protection (MTP) versiones anteriores a 16.0.34_x, puede permitir a un usuario local ejecutar código arbitrario como usuario admini... • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103215 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23872 – Privilege Escalation vulnerability in McAfee Total Protection (MTP)
https://notcve.org/view.php?id=CVE-2021-23872
12 May 2021 — Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. Una vulnerabilidad de escalada de privilegios en el componente File Lock de McAfee Total Protection (MTP) anterior a versión 16.0.32, permite a un usuario local alcanzar privilegios elevados al manipular un enlace simbólico en la interfaz de IOTL • http://service.mcafee.com/FAQDocument.aspx?&id=TS103146 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23891 – Privilege Escalation vulnerability in McAfee Total Protection (MTP)
https://notcve.org/view.php?id=CVE-2021-23891
12 May 2021 — Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense. Una vulnerabilidad de Escalada de Privilegios en McAfee Total Protection (MTP) versiones anteriores a 16.0.32, permite a un usuario local alcanzar privilegios elevados al hacerse pasar por un token de cliente, lo que podría conllevar a omitir una autodefensa de MTP • http://service.mcafee.com/FAQDocument.aspx?&id=TS103146 • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23874 – McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2021-23874
10 Feb 2021 — Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Una vulnerabilidad de ejecución arbitraria de procesos en McAfee Total Protection (MTP) versiones anteriores a 16.0.30, permite a un usuario local alcanzar privilegios elevados y ejecutar código arbitrario omitiendo la autodefensa de MTP McAfee Total Protection (MTP) contains an improper privilege management vulnera... • http://service.mcafee.com/FAQDocument.aspx?&id=TS103114 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •