Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for security_scan_plus by mcafee
CVE-2022-37025 (GCVE-0-2022-37025)
Vulnerability from nvd – Published: 2022-08-18 12:23 – Updated: 2024-08-03 10:21
VLAI
Summary
An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.mcafee.com/en-us/antivirus/mcafee-sec… | x_refsource_MISC |
| https://attack.mitre.org/techniques/T1218/ | x_refsource_MISC |
| https://www.mcafee.com/support/?articleId=TS10333… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attack.mitre.org/techniques/T1218/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T12:23:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attack.mitre.org/techniques/T1218/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html",
"refsource": "MISC",
"url": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html"
},
{
"name": "https://attack.mitre.org/techniques/T1218/",
"refsource": "MISC",
"url": "https://attack.mitre.org/techniques/T1218/"
},
{
"name": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view",
"refsource": "MISC",
"url": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37025",
"datePublished": "2022-08-18T12:23:57.000Z",
"dateReserved": "2022-07-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:21:32.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3897 (GCVE-0-2017-3897)
Vulnerability from nvd – Published: 2017-09-01 13:00 – Updated: 2024-09-17 02:57
VLAI
Summary
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
Severity
No CVSS data available.
CWE
- Code Injection vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100100 | vdb-entryx_refsource_BID |
| http://service.mcafee.com/FAQDocument.aspx?lc=103… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | Live Safe |
Affected:
16.0.3
|
|
| McAfee | Security Scan Plus |
Affected:
3.11.599.3
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100100"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Live Safe",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "16.0.3"
}
]
},
{
"product": "Security Scan Plus",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "3.11.599.3"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "100100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100100"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-08-31T00:00:00",
"ID": "CVE-2017-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Live Safe",
"version": {
"version_data": [
{
"version_value": "16.0.3"
}
]
}
},
{
"product_name": "Security Scan Plus",
"version": {
"version_data": [
{
"version_value": "3.11.599.3"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100100"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-3897",
"datePublished": "2017-09-01T13:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:57:59.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8026 (GCVE-0-2016-8026)
Vulnerability from nvd – Published: 2017-03-14 22:00 – Updated: 2024-08-06 02:13
VLAI
Summary
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Arbitrary command execution vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98068 | vdb-entryx_refsource_BID |
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | McAfee Security Scan Plus (SSP) |
Affected:
3.11.469 and earlier
|
Date Public
2016-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98068",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Security Scan Plus (SSP)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "3.11.469 and earlier"
}
]
}
],
"datePublic": "2016-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "98068",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Security Scan Plus (SSP)",
"version": {
"version_data": [
{
"version_value": "3.11.469 and earlier"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary command execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98068"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2016-8026",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8008 (GCVE-0-2016-8008)
Vulnerability from nvd – Published: 2017-03-14 22:00 – Updated: 2024-08-06 02:13
VLAI
Summary
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.
Severity
No CVSS data available.
CWE
- Privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | Security Scan Plus (SSP) |
Affected:
3.11.376
|
Date Public
2016-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Scan Plus (SSP)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "3.11.376"
}
]
}
],
"datePublic": "2016-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Scan Plus (SSP)",
"version": {
"version_data": [
{
"version_value": "3.11.376"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2016-8008",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8993 (GCVE-0-2015-8993)
Vulnerability from nvd – Published: 2017-03-14 22:00 – Updated: 2024-08-06 08:36
VLAI
Summary
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Severity
No CVSS data available.
CWE
- Malicious file execution vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | CloudAV (Beta) |
Affected:
before 0.5.0.151.3
|
Date Public
2015-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudAV (Beta)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "before 0.5.0.151.3"
}
]
}
],
"datePublic": "2015-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious file execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudAV (Beta)",
"version": {
"version_data": [
{
"version_value": "before 0.5.0.151.3"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8993",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2017-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:31.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8992 (GCVE-0-2015-8992)
Vulnerability from nvd – Published: 2017-03-14 22:00 – Updated: 2024-08-06 08:36
VLAI
Summary
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Severity
No CVSS data available.
CWE
- Malicious file execution vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | WebAdvisor |
Affected:
before 4.0.2, 4.0.1 and 3.7.2
|
Date Public
2015-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebAdvisor",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "before 4.0.2, 4.0.1 and 3.7.2"
}
]
}
],
"datePublic": "2015-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious file execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebAdvisor",
"version": {
"version_data": [
{
"version_value": "before 4.0.2, 4.0.1 and 3.7.2"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8992",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2017-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:31.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8991 (GCVE-0-2015-8991)
Vulnerability from nvd – Published: 2017-03-14 22:00 – Updated: 2024-08-06 08:36
VLAI
Summary
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Severity
No CVSS data available.
CWE
- Malicious file execution vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | McAfee Security Scan+ (MSS+) |
Affected:
before 3.11.266.3
|
Date Public
2015-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Security Scan+ (MSS+)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "before 3.11.266.3"
}
]
}
],
"datePublic": "2015-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious file execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Security Scan+ (MSS+)",
"version": {
"version_data": [
{
"version_value": "before 3.11.266.3"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8991",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2017-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:31.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37025 (GCVE-0-2022-37025)
Vulnerability from cvelistv5 – Published: 2022-08-18 12:23 – Updated: 2024-08-03 10:21
VLAI
Summary
An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.mcafee.com/en-us/antivirus/mcafee-sec… | x_refsource_MISC |
| https://attack.mitre.org/techniques/T1218/ | x_refsource_MISC |
| https://www.mcafee.com/support/?articleId=TS10333… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attack.mitre.org/techniques/T1218/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T12:23:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attack.mitre.org/techniques/T1218/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html",
"refsource": "MISC",
"url": "https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html"
},
{
"name": "https://attack.mitre.org/techniques/T1218/",
"refsource": "MISC",
"url": "https://attack.mitre.org/techniques/T1218/"
},
{
"name": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view",
"refsource": "MISC",
"url": "https://www.mcafee.com/support/?articleId=TS103335\u0026page=shell\u0026shell=article-view"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37025",
"datePublished": "2022-08-18T12:23:57.000Z",
"dateReserved": "2022-07-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:21:32.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3897 (GCVE-0-2017-3897)
Vulnerability from cvelistv5 – Published: 2017-09-01 13:00 – Updated: 2024-09-17 02:57
VLAI
Summary
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
Severity
No CVSS data available.
CWE
- Code Injection vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100100 | vdb-entryx_refsource_BID |
| http://service.mcafee.com/FAQDocument.aspx?lc=103… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | Live Safe |
Affected:
16.0.3
|
|
| McAfee | Security Scan Plus |
Affected:
3.11.599.3
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100100"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Live Safe",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "16.0.3"
}
]
},
{
"product": "Security Scan Plus",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "3.11.599.3"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "100100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100100"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-08-31T00:00:00",
"ID": "CVE-2017-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Live Safe",
"version": {
"version_data": [
{
"version_value": "16.0.3"
}
]
}
},
{
"product_name": "Security Scan Plus",
"version": {
"version_data": [
{
"version_value": "3.11.599.3"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100100"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033\u0026id=TS102723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-3897",
"datePublished": "2017-09-01T13:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:57:59.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8008 (GCVE-0-2016-8008)
Vulnerability from cvelistv5 – Published: 2017-03-14 22:00 – Updated: 2024-08-06 02:13
VLAI
Summary
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.
Severity
No CVSS data available.
CWE
- Privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | Security Scan Plus (SSP) |
Affected:
3.11.376
|
Date Public
2016-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Scan Plus (SSP)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "3.11.376"
}
]
}
],
"datePublic": "2016-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Scan Plus (SSP)",
"version": {
"version_data": [
{
"version_value": "3.11.376"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2016-8008",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8992 (GCVE-0-2015-8992)
Vulnerability from cvelistv5 – Published: 2017-03-14 22:00 – Updated: 2024-08-06 08:36
VLAI
Summary
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Severity
No CVSS data available.
CWE
- Malicious file execution vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | WebAdvisor |
Affected:
before 4.0.2, 4.0.1 and 3.7.2
|
Date Public
2015-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebAdvisor",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "before 4.0.2, 4.0.1 and 3.7.2"
}
]
}
],
"datePublic": "2015-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious file execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebAdvisor",
"version": {
"version_data": [
{
"version_value": "before 4.0.2, 4.0.1 and 3.7.2"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8992",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2017-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:31.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8026 (GCVE-0-2016-8026)
Vulnerability from cvelistv5 – Published: 2017-03-14 22:00 – Updated: 2024-08-06 02:13
VLAI
Summary
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Arbitrary command execution vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98068 | vdb-entryx_refsource_BID |
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | McAfee Security Scan Plus (SSP) |
Affected:
3.11.469 and earlier
|
Date Public
2016-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98068",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Security Scan Plus (SSP)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "3.11.469 and earlier"
}
]
}
],
"datePublic": "2016-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "98068",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Security Scan Plus (SSP)",
"version": {
"version_data": [
{
"version_value": "3.11.469 and earlier"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary command execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98068"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2016-8026",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:13:21.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8991 (GCVE-0-2015-8991)
Vulnerability from cvelistv5 – Published: 2017-03-14 22:00 – Updated: 2024-08-06 08:36
VLAI
Summary
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Severity
No CVSS data available.
CWE
- Malicious file execution vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | McAfee Security Scan+ (MSS+) |
Affected:
before 3.11.266.3
|
Date Public
2015-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Security Scan+ (MSS+)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "before 3.11.266.3"
}
]
}
],
"datePublic": "2015-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious file execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Security Scan+ (MSS+)",
"version": {
"version_data": [
{
"version_value": "before 3.11.266.3"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8991",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2017-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:31.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8993 (GCVE-0-2015-8993)
Vulnerability from cvelistv5 – Published: 2017-03-14 22:00 – Updated: 2024-08-06 08:36
VLAI
Summary
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Severity
No CVSS data available.
CWE
- Malicious file execution vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/webcenter/portal/cp/ho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel | CloudAV (Beta) |
Affected:
before 0.5.0.151.3
|
Date Public
2015-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudAV (Beta)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "before 0.5.0.151.3"
}
]
}
],
"datePublic": "2015-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious file execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudAV (Beta)",
"version": {
"version_data": [
{
"version_value": "before 0.5.0.151.3"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462",
"refsource": "MISC",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8993",
"datePublished": "2017-03-14T22:00:00.000Z",
"dateReserved": "2017-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:31.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}