CVSS: 6.7EPSS: 0%CPEs: 17EXPL: 0CVE-2020-7337 – Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2020-7337
09 Dec 2020 — Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. Una vulnerabilidad de Asignación de Permisos Incorrecta de Recursos Críticos en McAfee VirusScan Enterprise (VSE) versiones anteriores a 8.8 Parche 16 permite a administradores locales o... • https://kc.mcafee.com/corporate/index?page=content&id=SB10338 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-7280 – Symbolic Link vulnerability during DAT update
https://notcve.org/view.php?id=CVE-2020-7280
10 Jun 2020 — Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. Una vulnerabilidad de escalada de privilegios durante las actualizaciones de DAT diarias cuando se usa McAfee Virus Scan Enterprise (VSE) versiones anteriores a 8.8 Parche 15, permite a usuarios locales ca... • https://kc.mcafee.com/corporate/index?page=content&id=SB10302 • CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0CVE-2019-3588 – Using VSE to bypass Windows Credentials on Lock screen
https://notcve.org/view.php?id=CVE-2019-3588
10 Jun 2020 — Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. Una vulnerabilidad de Escalada de Privilegios en el cliente (McTray.exe) de Microsoft Windows en McAfee VirusScan Enterprise (VSE) versión 8.8 anterior al Parche 14 puede permitir que usuarios no autorizados interactúen con On-Access Scan M... • https://kc.mcafee.com/corporate/index?page=content&id=SB10302 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-3585 – VSE Escalation of Privileges through Alert pop-up window
https://notcve.org/view.php?id=CVE-2019-3585
10 Jun 2020 — Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. Una vulnerabilidad de Escalada de Privilegios en el cliente (McTray.exe) de Microsoft Windows en McAfee VirusScan Enterprise (VSE) versión 8.8 anterior al parche 14 puede permitir que los usuarios locales interact... • https://kc.mcafee.com/corporate/index?page=content&id=SB10302 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2020-7267 – Privilege Escalation vulnerability through symbolic links in VSEL
https://notcve.org/view.php?id=CVE-2020-7267
08 May 2020 — Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee VirusScan Enterprise (VSE) para Linux versiones anteriores a 2.0.3 Hotfix 2635000, permit... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7266 – Privilege Escalation vulnerability through symbolic links in VSE for Windows
https://notcve.org/view.php?id=CVE-2020-7266
08 May 2020 — Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee VirusScan Enterprise (VSE) para Windows versiones anteriores a 8.8 Parche 14 Hotf... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6674 – Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges
https://notcve.org/view.php?id=CVE-2018-6674
25 May 2018 — Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). Vulnerabilidad de escalada de privilegios en el cliente (McTray.exe) de Microsoft Windows en VirusScan Enterprise (VSE) de McAfee versión 8.8 anterior a parche 13, permite a los ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10237 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8030
https://notcve.org/view.php?id=CVE-2016-8030
25 Apr 2017 — A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. Una vulnerabilidad de corrupción de memoria en el objeto Scriptscan COM en McAfee VirusScan Enterprise 8.8 El parche 8 y versiones anteriores permite a los atacantes remotos crear una denegación de servicio en la pestaña activa de Internet Explorer a través de un enlace HTML. • http://www.securityfocus.com/bid/98041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.5EPSS: 13%CPEs: 1EXPL: 3CVE-2016-8016 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8016
14 Dec 2016 — Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. Exposición de información en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos autenticados obtener la existencia de archivos no autorizados en el sistema a través de un parámetro de URL. McAfee Virus Scan Enterprise for Linux suffers from a remote cod... • https://packetstorm.news/files/id/140147 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.1EPSS: 20%CPEs: 1EXPL: 2CVE-2016-8017 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8017
14 Dec 2016 — Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. Vulnerabilidad de inyección de elementos especiales en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos autenticados leer archivos en el servidor web a través de una entrada de usuario manipulada. McAfee Virus Scan Enterprise for Linux suffers from a remot... • https://packetstorm.news/files/id/140147 • CWE-20: Improper Input Validation •