CVSS: 6.7EPSS: 0%CPEs: 17EXPL: 0CVE-2020-7337 – Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2020-7337
09 Dec 2020 — Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. Una vulnerabilidad de Asignación de Permisos Incorrecta de Recursos Críticos en McAfee VirusScan Enterprise (VSE) versiones anteriores a 8.8 Parche 16 permite a administradores locales o... • https://kc.mcafee.com/corporate/index?page=content&id=SB10338 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7266 – Privilege Escalation vulnerability through symbolic links in VSE for Windows
https://notcve.org/view.php?id=CVE-2020-7266
08 May 2020 — Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. Una vulnerabilidad de Escalada de Privilegios en McAfee VirusScan Enterprise (VSE) para Windows versiones anteriores a 8.8 Parche 14 Hotf... • https://kc.mcafee.com/corporate/index?page=content&id=SB10316 • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8030
https://notcve.org/view.php?id=CVE-2016-8030
25 Apr 2017 — A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. Una vulnerabilidad de corrupción de memoria en el objeto Scriptscan COM en McAfee VirusScan Enterprise 8.8 El parche 8 y versiones anteriores permite a los atacantes remotos crear una denegación de servicio en la pestaña activa de Internet Explorer a través de un enlace HTML. • http://www.securityfocus.com/bid/98041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.5EPSS: 9%CPEs: 1EXPL: 3CVE-2016-8016 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8016
14 Dec 2016 — Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. Exposición de información en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos autenticados obtener la existencia de archivos no autorizados en el sistema a través de un parámetro de URL. McAfee Virus Scan Enterprise for Linux suffers from a remote cod... • https://packetstorm.news/files/id/140147 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.1EPSS: 14%CPEs: 1EXPL: 2CVE-2016-8017 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8017
14 Dec 2016 — Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. Vulnerabilidad de inyección de elementos especiales en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos autenticados leer archivos en el servidor web a través de una entrada de usuario manipulada. McAfee Virus Scan Enterprise for Linux suffers from a remot... • https://packetstorm.news/files/id/140147 • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8018 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8018
14 Dec 2016 — Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. Vulnerabilidad de CSRF en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos autenticados ejecutar comandos no autorizados a través de una entrada de usuario manipulada. McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vu... • https://packetstorm.news/files/id/140147 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2016-8019 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8019
14 Dec 2016 — Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. Vulnerabilidad de XSS en atributos en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y anteriores) permite a atacantes remotos no autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una entrada de usuario manipulada. McAfee Virus Scan Enterpri... • https://packetstorm.news/files/id/140147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 2%CPEs: 1EXPL: 2CVE-2016-8020 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8020
14 Dec 2016 — Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. Vulnerabilidad de control inapropiado de generación de código en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a usuarios autenticados ejecutar código arbitrario a través de un parámetro de petición HTTP manipulado. McAfee Virus Scan Enterprise fo... • https://packetstorm.news/files/id/140147 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2016-8021 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8021
14 Dec 2016 — Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. Vulnerabilidad de verificación inapropiada de firma criptográfica en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a usuarios remotos autenticados suplantar el servidor de actualización y ejecutar código arbitrario a través d... • https://packetstorm.news/files/id/140147 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 2CVE-2016-8022 – McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8022
14 Dec 2016 — Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. Vulnerabilidad de elusión de autenticación mediante suplantación de identidad en Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (y versiones anteriores) permite a atacantes remotos no autenticados ejecutar código arbitrario o provocar una denegación del... • https://packetstorm.news/files/id/140147 • CWE-287: Improper Authentication •