Search criteria
24 vulnerabilities found for true_key by mcafee
FKIE_CVE-2020-7299
Vulnerability from fkie_nvd - Published: 2020-09-04 14:15 - Updated: 2024-11-21 05:37
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B2B59499-7183-485D-B3D1-D6B1DA0A97C2",
"versionEndExcluding": "6.2.109.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Almacenamiento de Informaci\u00f3n Confidencial en la Memoria en Texto Sin Cifrar en el cliente de Microsoft Windows en McAfee True Key (TK) anterior a versi\u00f3n 6.2.109.2, permite a un usuario local iniciar sesi\u00f3n con privilegios administrativos para acceder a contrase\u00f1as de otro usuario en la misma m\u00e1quina mediante la activaci\u00f3n de un volcado de proceso en situaciones espec\u00edficas"
}
],
"id": "CVE-2020-7299",
"lastModified": "2024-11-21T05:37:01.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 4.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-04T14:15:11.457",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-3610
Vulnerability from fkie_nvd - Published: 2019-02-13 17:29 - Updated: 2024-11-21 04:42
Severity ?
5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF77FE81-F4CE-42A2-A762-C5EACB8E441F",
"versionEndIncluding": "3.1.9211.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
},
{
"lang": "es",
"value": "Vulnerabilidad de filtrado de datos en el cliente de Microsoft Windows en McAfee True Key (TK), en versiones 3.1.9211.0 y anteriores, permite que los usuarios locales expongan datos confidenciales mediante malware especialmente manipulado."
}
],
"id": "CVE-2019-3610",
"lastModified": "2024-11-21T04:42:14.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-13T17:29:00.193",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"source": "trellixpsirt@trellix.com",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6756
Vulnerability from fkie_nvd - Published: 2018-12-06 23:29 - Updated: 2024-11-21 04:11
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75900C01-A886-438E-83CF-D534BD127DA0",
"versionEndIncluding": "5.1.230.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
},
{
"lang": "es",
"value": "Vulnerabilidad de abuso de autenticaci\u00f3n en Microsoft Windows Client en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten comandos no autorizados mediante malware especialmente manipulado."
}
],
"id": "CVE-2018-6756",
"lastModified": "2024-11-21T04:11:07.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-06T23:29:01.830",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
},
{
"source": "trellixpsirt@trellix.com",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45961/"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6757
Vulnerability from fkie_nvd - Published: 2018-12-06 23:29 - Updated: 2024-11-21 04:11
Severity ?
7.5 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75900C01-A886-438E-83CF-D534BD127DA0",
"versionEndIncluding": "5.1.230.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
},
{
"lang": "es",
"value": "En unflatten de GraphicBuffer.cpp, hay un posible cierre err\u00f3neo de fd debido a la validaci\u00f3n de entradas incorrecta. Esto podr\u00eda llevar a un escalado de privilegios local en el servidor del sistema sin necesitar privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para explotarlo. Producto: Android. Versiones: Android-8.1 Android-9. Android ID: A-114223584."
}
],
"id": "CVE-2018-6757",
"lastModified": "2024-11-21T04:11:08.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-06T23:29:01.860",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
},
{
"source": "trellixpsirt@trellix.com",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45961/"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6755
Vulnerability from fkie_nvd - Published: 2018-12-06 23:29 - Updated: 2024-11-21 04:11
Severity ?
7.2 (High) - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75900C01-A886-438E-83CF-D534BD127DA0",
"versionEndIncluding": "5.1.230.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
},
{
"lang": "es",
"value": "Vulnerabilidad de permisos d\u00e9biles de directorio en el cliente de Microsoft Windows en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten c\u00f3digo arbitrario mediante malware especialmente manipulado."
}
],
"id": "CVE-2018-6755",
"lastModified": "2024-11-21T04:11:07.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-06T23:29:01.797",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
},
{
"source": "trellixpsirt@trellix.com",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45961/"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6700
Vulnerability from fkie_nvd - Published: 2018-09-24 13:29 - Updated: 2024-11-21 04:11
Severity ?
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3665D86-052F-4E51-ABF0-DBFF79878209",
"versionEndExcluding": "5.1.165",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuestro de orden de b\u00fasqueda de DLL en Microsoft Windows Client en McAfee True Key (TK) en versiones anteriores a la 5.1.165 permite que usuarios locales ejecuten c\u00f3digo arbitrario mediante malware especialmente manipulado."
}
],
"id": "CVE-2018-6700",
"lastModified": "2024-11-21T04:11:07.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-24T13:29:00.567",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6682
Vulnerability from fkie_nvd - Published: 2018-09-24 12:29 - Updated: 2024-11-21 04:11
Severity ?
Summary
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:android:*:*",
"matchCriteriaId": "92DADBC7-50CA-49B3-8BB9-1215A46D1E37",
"versionEndIncluding": "4.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
},
{
"lang": "es",
"value": "Exposici\u00f3n a Cross-Site Scripting (XSS) en McAfee True Key (TK) en versiones 4.0.0.0 y anteriores permite que usuarios locales expongan datos confidenciales mediante un sitio web manipulado."
}
],
"id": "CVE-2018-6682",
"lastModified": "2024-11-21T04:11:06.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.5,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-24T12:29:00.343",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6661
Vulnerability from fkie_nvd - Published: 2018-04-02 13:29 - Updated: 2024-11-21 04:11
Severity ?
Summary
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0A84C1-01D0-43AA-BD57-A3AB6327A401",
"versionEndIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga lateral de DLL en Microsoft Windows Client en McAfee True Key en versiones anteriores a la 4.20.110 permite que los usuarios locales obtengan una elevaci\u00f3n de privilegios al no verificar la firma de un archivo DLL espec\u00edfico."
}
],
"id": "CVE-2018-6661",
"lastModified": "2024-11-21T04:11:04.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-02T13:29:00.343",
"references": [
{
"source": "trellixpsirt@trellix.com",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7299 (GCVE-0-2020-7299)
Vulnerability from cvelistv5 – Published: 2020-09-04 14:05 – Updated: 2024-09-16 19:05
VLAI?
Title
Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
Severity ?
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee,LLC | McAfee True Key Windows client |
Affected:
6.x , < 6.2.110.8
(custom)
|
Credits
McAfee credits nestedif for responsibly reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee True Key Windows client",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "6.2.110.8",
"status": "affected",
"version": "6.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"datePublic": "2020-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T14:05:21",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"ID": "CVE-2020-7299",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee True Key Windows client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.x",
"version_value": "6.2.110.8"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2020-7299",
"datePublished": "2020-09-04T14:05:21.286070Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T19:05:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3610 (GCVE-0-2019-3610)
Vulnerability from cvelistv5 – Published: 2019-02-13 17:00 – Updated: 2024-09-16 18:24
VLAI?
Title
True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
Severity ?
5.6 (Medium)
CWE
- Data Leakage Attacks vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | True Key (TK) |
Affected:
3.1 , ≤ 3.1.9211.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Chrome, Edge and Firefox"
],
"product": "True Key (TK)",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "3.1.9211.0",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
"ID": "CVE-2019-3610",
"STATE": "PUBLIC",
"TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "Chrome, Edge and Firefox",
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.9211.0"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3610",
"datePublished": "2019-02-13T17:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:24:29.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6757 (GCVE-0-2018-6757)
Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Privilege Escalation vulnerability
Summary
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- Privilege Escalation vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6757",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6757",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6756 (GCVE-0-2018-6756)
Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Authentication Abuse vulnerability
Summary
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
Severity ?
7.8 (High)
CWE
- Authentication Abuse vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Abuse vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6756",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6756",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6755 (GCVE-0-2018-6755)
Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Weak Directory Permission Vulnerability
Summary
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.2 (High)
CWE
- Weak Directory Permission Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Directory Permission\u00a0Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6755",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Directory Permission\u00a0Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6755",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6700 (GCVE-0-2018-6700)
Vulnerability from cvelistv5 – Published: 2018-09-24 13:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- DLL Search Order Hijacking vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
5.1.165 , < 5.1.165
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "5.1.165",
"status": "affected",
"version": "5.1.165",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Search Order Hijacking vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
},
"title": "True Key (TK) - DLL Search Order Hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6700",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "5.1.165",
"version_value": "5.1.165"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
]
},
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6700",
"datePublished": "2018-09-24T13:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6682 (GCVE-0-2018-6682)
Vulnerability from cvelistv5 – Published: 2018-09-24 12:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - Cross Site Scripting Exposure
Summary
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
Severity ?
5.9 (Medium)
CWE
- Cross Site Scripting Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
4.0.0.0 , ≤ 4.0.0.0
(custom)
|
Credits
McAfee credits YoKo Kho for reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "4.0.0.0",
"status": "affected",
"version": "4.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"datePublic": "2018-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting Exposure\n",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T11:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"source": {
"advisory": "TS102825",
"discovery": "USER"
},
"title": "True Key (TK) - Cross Site Scripting Exposure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6682",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - Cross Site Scripting Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "4.0.0.0",
"version_value": "4.0.0.0"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
]
},
"source": {
"advisory": "TS102825",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6682",
"datePublished": "2018-09-24T12:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6661 (GCVE-0-2018-6661)
Vulnerability from cvelistv5 – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
VLAI?
Title
TS102801 True Key DLL Side-Loading vulnerability
Summary
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
Severity ?
7.5 (High)
CWE
- DLL Side-Loading vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThan": "4.20.110",
"status": "affected",
"version": "4.20.110",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Side-Loading vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-02T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
},
"title": "TS102801 True Key DLL Side-Loading vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
"ID": "CVE-2018-6661",
"STATE": "PUBLIC",
"TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.20.110",
"version_value": "4.20.110"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
]
},
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6661",
"datePublished": "2018-04-02T13:00:00Z",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-09-16T18:13:31.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7299 (GCVE-0-2020-7299)
Vulnerability from nvd – Published: 2020-09-04 14:05 – Updated: 2024-09-16 19:05
VLAI?
Title
Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
Severity ?
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee,LLC | McAfee True Key Windows client |
Affected:
6.x , < 6.2.110.8
(custom)
|
Credits
McAfee credits nestedif for responsibly reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee True Key Windows client",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "6.2.110.8",
"status": "affected",
"version": "6.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"datePublic": "2020-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T14:05:21",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"ID": "CVE-2020-7299",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee True Key Windows client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.x",
"version_value": "6.2.110.8"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2020-7299",
"datePublished": "2020-09-04T14:05:21.286070Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T19:05:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3610 (GCVE-0-2019-3610)
Vulnerability from nvd – Published: 2019-02-13 17:00 – Updated: 2024-09-16 18:24
VLAI?
Title
True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
Severity ?
5.6 (Medium)
CWE
- Data Leakage Attacks vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | True Key (TK) |
Affected:
3.1 , ≤ 3.1.9211.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Chrome, Edge and Firefox"
],
"product": "True Key (TK)",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "3.1.9211.0",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
"ID": "CVE-2019-3610",
"STATE": "PUBLIC",
"TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "Chrome, Edge and Firefox",
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.9211.0"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3610",
"datePublished": "2019-02-13T17:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:24:29.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6757 (GCVE-0-2018-6757)
Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Privilege Escalation vulnerability
Summary
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- Privilege Escalation vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6757",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6757",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6756 (GCVE-0-2018-6756)
Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Authentication Abuse vulnerability
Summary
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
Severity ?
7.8 (High)
CWE
- Authentication Abuse vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Abuse vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6756",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6756",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6755 (GCVE-0-2018-6755)
Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Weak Directory Permission Vulnerability
Summary
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.2 (High)
CWE
- Weak Directory Permission Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Directory Permission\u00a0Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6755",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Directory Permission\u00a0Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6755",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6700 (GCVE-0-2018-6700)
Vulnerability from nvd – Published: 2018-09-24 13:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- DLL Search Order Hijacking vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
5.1.165 , < 5.1.165
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "5.1.165",
"status": "affected",
"version": "5.1.165",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Search Order Hijacking vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
},
"title": "True Key (TK) - DLL Search Order Hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6700",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "5.1.165",
"version_value": "5.1.165"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
]
},
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6700",
"datePublished": "2018-09-24T13:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6682 (GCVE-0-2018-6682)
Vulnerability from nvd – Published: 2018-09-24 12:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - Cross Site Scripting Exposure
Summary
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
Severity ?
5.9 (Medium)
CWE
- Cross Site Scripting Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
4.0.0.0 , ≤ 4.0.0.0
(custom)
|
Credits
McAfee credits YoKo Kho for reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "4.0.0.0",
"status": "affected",
"version": "4.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"datePublic": "2018-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting Exposure\n",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T11:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"source": {
"advisory": "TS102825",
"discovery": "USER"
},
"title": "True Key (TK) - Cross Site Scripting Exposure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6682",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - Cross Site Scripting Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "4.0.0.0",
"version_value": "4.0.0.0"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
]
},
"source": {
"advisory": "TS102825",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6682",
"datePublished": "2018-09-24T12:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6661 (GCVE-0-2018-6661)
Vulnerability from nvd – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
VLAI?
Title
TS102801 True Key DLL Side-Loading vulnerability
Summary
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
Severity ?
7.5 (High)
CWE
- DLL Side-Loading vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThan": "4.20.110",
"status": "affected",
"version": "4.20.110",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Side-Loading vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-02T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
},
"title": "TS102801 True Key DLL Side-Loading vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
"ID": "CVE-2018-6661",
"STATE": "PUBLIC",
"TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.20.110",
"version_value": "4.20.110"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
]
},
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6661",
"datePublished": "2018-04-02T13:00:00Z",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-09-16T18:13:31.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}