cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-7337,https://securityvulnerability.io/vulnerability/CVE-2020-7337,Incorrect Permission Assignment for Critical Resource,Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.,"Mcafee, Llc",Virusscan Enterprise (vse),6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-09T09:15:00.000Z,0
CVE-2019-3585,https://securityvulnerability.io/vulnerability/CVE-2019-3585,VSE Escalation of Privileges through Alert pop-up window,Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.,"Mcafee, Llc",Mcafee Virusscan Enterprise (vse),7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-06-10T12:15:00.000Z,0
CVE-2020-7280,https://securityvulnerability.io/vulnerability/CVE-2020-7280,Symbolic Link vulnerability during DAT update,Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.,"Mcafee, Llc",Mcafee Virusscan Enterprise (vse),7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-06-10T12:15:00.000Z,0
CVE-2019-3588,https://securityvulnerability.io/vulnerability/CVE-2019-3588,Using VSE to bypass Windows Credentials on Lock screen,Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.,"Mcafee, Llc",Mcafee Virusscan Enterprise (vse),6.3,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2020-06-10T12:15:00.000Z,0
CVE-2020-7267,https://securityvulnerability.io/vulnerability/CVE-2020-7267,Privilege Escalation vulnerability through symbolic links in VSEL,Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,"Mcafee,llc",Mcafee Virusscan Enterprise (vse) For Linux,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-05-08T13:15:00.000Z,0
CVE-2020-7266,https://securityvulnerability.io/vulnerability/CVE-2020-7266,Privilege Escalation vulnerability through symbolic links in VSE for Windows,Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,"Mcafee,llc",Mcafee Virusscan Enterprise (vse) For Windows,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-05-08T12:15:00.000Z,0
CVE-2018-6674,https://securityvulnerability.io/vulnerability/CVE-2018-6674,Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges,Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).,"Mcafee, Llc",Virusscan Enterprise (vse),6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-05-25T13:00:00.000Z,0
CVE-2016-8030,https://securityvulnerability.io/vulnerability/CVE-2016-8030,,A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.,Mcafee,Virusscan Enterprise,4.3,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2017-04-25T16:00:00.000Z,0
CVE-2016-4534,https://securityvulnerability.io/vulnerability/CVE-2016-4534,,The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.,Mcafee,"Virusscan Enterprise,Windows",3,LOW,0.0015699999639764428,false,,false,false,false,,,false,false,,2016-05-05T18:00:00.000Z,0
CVE-2016-3984,https://securityvulnerability.io/vulnerability/CVE-2016-3984,,"The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.",Mcafee,"Data Loss Prevention Endpoint,Agent,Virusscan Enterprise,Host Intrusion Prevention,Active Response,Data Exchange Layer,Endpoint Security",5.1,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2016-04-08T15:00:00.000Z,0
CVE-2015-8577,https://securityvulnerability.io/vulnerability/CVE-2015-8577,,"The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.",Mcafee,Virusscan Enterprise,,,0.0005000000237487257,false,,false,false,false,,,false,false,,2015-12-16T18:00:00.000Z,0
CVE-2010-5143,https://securityvulnerability.io/vulnerability/CVE-2010-5143,,McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.,Mcafee,Virusscan Enterprise,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2012-08-22T10:42:00.000Z,0
CVE-2010-3496,https://securityvulnerability.io/vulnerability/CVE-2010-3496,,"McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.",Mcafee,Virusscan Enterprise,,,0.029680000618100166,false,,false,false,false,,,false,false,,2012-08-22T10:42:00.000Z,0
CVE-2009-5118,https://securityvulnerability.io/vulnerability/CVE-2009-5118,,"Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.",Mcafee,Virusscan Enterprise,,,0.0006699999794363976,false,,false,false,false,,,false,false,,2012-08-22T10:00:00.000Z,0
CVE-2009-1348,https://securityvulnerability.io/vulnerability/CVE-2009-1348,,"The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.",Mcafee,"Total Protection,Securityshield For Email Servers,Internet Security Suite,Virusscan Enterprise,Active Virus Defense,Securityshield For Microsoft Sharepoint,Virusscan Commandline,Virusscan Plus,Active Virusscan,Virusscan Usb,Securityshield For Microsoft Isa Server,Email Gateway,Total Protection For Endpoint",,,0.007309999782592058,false,,false,false,false,,,false,false,,2009-04-30T20:00:00.000Z,0
CVE-2007-2152,https://securityvulnerability.io/vulnerability/CVE-2007-2152,,Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.,Mcafee,Virusscan Enterprise,,,0.7770299911499023,false,,false,false,false,,,false,false,,2007-04-19T10:00:00.000Z,0
CVE-2007-1538,https://securityvulnerability.io/vulnerability/CVE-2007-1538,,"McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion.  NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product",Mcafee,Virusscan Enterprise,,,0.0020099999383091927,false,,false,false,false,,,false,false,,2007-03-20T22:00:00.000Z,0
CVE-2006-4886,https://securityvulnerability.io/vulnerability/CVE-2006-4886,,"The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.",Mcafee,"Virusscan Enterprise,Scan Engine",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2006-09-19T21:00:00.000Z,0
CVE-2005-4505,https://securityvulnerability.io/vulnerability/CVE-2005-4505,,"Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious ""program.exe"" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted ""Program Files"" path.",Mcafee,"Common Management Agent,Virusscan Enterprise",,,0.0004400000034365803,false,,false,false,false,,,false,false,,2005-12-23T00:00:00.000Z,0