Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for true_key by mcafee

    CVE-2020-7299 (GCVE-0-2020-7299)

    Vulnerability from nvd – Published: 2020-09-04 14:05 – Updated: 2024-09-16 19:05
    VLAI
    Title
    Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
    Summary
    Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee,LLC McAfee True Key Windows client Affected: 6.x , < 6.2.110.8 (custom)
    Create a notification for this product.
    Date Public
    2020-09-04 00:00
    Credits
    McAfee credits nestedif for responsibly reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:49.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee True Key Windows client",
              "vendor": "McAfee,LLC",
              "versions": [
                {
                  "lessThan": "6.2.110.8",
                  "status": "affected",
                  "version": "6.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits nestedif for responsibly reporting this flaw."
            }
          ],
          "datePublic": "2020-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-04T14:05:21.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
              "ID": "CVE-2020-7299",
              "STATE": "PUBLIC",
              "TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee True Key Windows client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.x",
                                "version_value": "6.2.110.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee,LLC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits nestedif for responsibly reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7299",
        "datePublished": "2020-09-04T14:05:21.286Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:05.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3610 (GCVE-0-2019-3610)

    Vulnerability from nvd – Published: 2019-02-13 17:00 – Updated: 2024-09-16 18:24
    VLAI
    Title
    True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability
    Summary
    Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
    CWE
    • Data Leakage Attacks vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee, LLC True Key (TK) Affected: 3.1 , ≤ 3.1.9211.0 (custom)
    Create a notification for this product.
    Date Public
    2019-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Chrome, Edge and Firefox"
              ],
              "product": "True Key (TK)",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.9211.0",
                  "status": "affected",
                  "version": "3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Leakage Attacks vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-05T10:57:02.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "107217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
              "ID": "CVE-2019-3610",
              "STATE": "PUBLIC",
              "TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key (TK)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "Chrome, Edge and Firefox",
                                "version_affected": "\u003c=",
                                "version_name": "3.1",
                                "version_value": "3.1.9211.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Leakage Attacks vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107217"
                },
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3610",
        "datePublished": "2019-02-13T17:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:29.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6757 (GCVE-0-2018-6757)

    Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Privilege Escalation vulnerability
    Summary
    Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Privilege Escalation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6757",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6757",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6756 (GCVE-0-2018-6756)

    Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Authentication Abuse vulnerability
    Summary
    Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
    CWE
    • Authentication Abuse vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Abuse vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6756",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Abuse vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6756",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6755 (GCVE-0-2018-6755)

    Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Weak Directory Permission Vulnerability
    Summary
    Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Weak Directory Permission Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Weak Directory Permission\u00a0Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6755",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Weak Directory Permission\u00a0Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6755",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6700 (GCVE-0-2018-6700)

    Vulnerability from nvd – Published: 2018-09-24 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) - DLL Search Order Hijacking vulnerability
    Summary
    DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • DLL Search Order Hijacking vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key (TK) Affected: 5.1.165 , < 5.1.165 (custom)
    Create a notification for this product.
    Date Public
    2018-09-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key (TK)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "5.1.165",
                  "status": "affected",
                  "version": "5.1.165",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Search Order Hijacking vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-24T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
            }
          ],
          "source": {
            "advisory": "TS102846",
            "discovery": "UNKNOWN"
          },
          "title": "True Key (TK) - DLL Search Order Hijacking vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6700",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) - DLL Search Order Hijacking vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key (TK)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "5.1.165",
                                "version_value": "5.1.165"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Search Order Hijacking vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
                }
              ]
            },
            "source": {
              "advisory": "TS102846",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6700",
        "datePublished": "2018-09-24T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6682 (GCVE-0-2018-6682)

    Vulnerability from nvd – Published: 2018-09-24 12:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) - Cross Site Scripting Exposure
    Summary
    Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
    CWE
    • Cross Site Scripting Exposure
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key (TK) Affected: 4.0.0.0 , ≤ 4.0.0.0 (custom)
    Create a notification for this product.
    Date Public
    2018-08-08 00:00
    Credits
    McAfee credits YoKo Kho for reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key (TK)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.0.0",
                  "status": "affected",
                  "version": "4.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits YoKo Kho for reporting this flaw."
            }
          ],
          "datePublic": "2018-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting Exposure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-24T11:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
            }
          ],
          "source": {
            "advisory": "TS102825",
            "discovery": "USER"
          },
          "title": "True Key (TK) - Cross Site Scripting Exposure",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6682",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) - Cross Site Scripting Exposure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key (TK)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "4.0.0.0",
                                "version_value": "4.0.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits YoKo Kho for reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
                }
              ]
            },
            "source": {
              "advisory": "TS102825",
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6682",
        "datePublished": "2018-09-24T12:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6661 (GCVE-0-2018-6661)

    Vulnerability from nvd – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
    VLAI
    Title
    TS102801 True Key DLL Side-Loading vulnerability
    Summary
    DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
    CWE
    • DLL Side-Loading vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 4.20.110 , < 4.20.110 (custom)
    Create a notification for this product.
    Date Public
    2018-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "4.20.110",
                  "status": "affected",
                  "version": "4.20.110",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Side-Loading vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-02T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
            }
          ],
          "source": {
            "advisory": "TS102801",
            "discovery": "EXTERNAL"
          },
          "title": "TS102801 True Key DLL Side-Loading vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
              "ID": "CVE-2018-6661",
              "STATE": "PUBLIC",
              "TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.20.110",
                                "version_value": "4.20.110"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Side-Loading vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
                }
              ]
            },
            "source": {
              "advisory": "TS102801",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6661",
        "datePublished": "2018-04-02T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:31.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7299 (GCVE-0-2020-7299)

    Vulnerability from cvelistv5 – Published: 2020-09-04 14:05 – Updated: 2024-09-16 19:05
    VLAI
    Title
    Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
    Summary
    Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee,LLC McAfee True Key Windows client Affected: 6.x , < 6.2.110.8 (custom)
    Create a notification for this product.
    Date Public
    2020-09-04 00:00
    Credits
    McAfee credits nestedif for responsibly reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:49.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee True Key Windows client",
              "vendor": "McAfee,LLC",
              "versions": [
                {
                  "lessThan": "6.2.110.8",
                  "status": "affected",
                  "version": "6.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits nestedif for responsibly reporting this flaw."
            }
          ],
          "datePublic": "2020-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-04T14:05:21.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
              "ID": "CVE-2020-7299",
              "STATE": "PUBLIC",
              "TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee True Key Windows client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.x",
                                "version_value": "6.2.110.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee,LLC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits nestedif for responsibly reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7299",
        "datePublished": "2020-09-04T14:05:21.286Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:05.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3610 (GCVE-0-2019-3610)

    Vulnerability from cvelistv5 – Published: 2019-02-13 17:00 – Updated: 2024-09-16 18:24
    VLAI
    Title
    True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability
    Summary
    Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
    CWE
    • Data Leakage Attacks vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee, LLC True Key (TK) Affected: 3.1 , ≤ 3.1.9211.0 (custom)
    Create a notification for this product.
    Date Public
    2019-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Chrome, Edge and Firefox"
              ],
              "product": "True Key (TK)",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.9211.0",
                  "status": "affected",
                  "version": "3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Leakage Attacks vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-05T10:57:02.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "107217",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
              "ID": "CVE-2019-3610",
              "STATE": "PUBLIC",
              "TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key (TK)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "Chrome, Edge and Firefox",
                                "version_affected": "\u003c=",
                                "version_name": "3.1",
                                "version_value": "3.1.9211.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Leakage Attacks vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107217",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107217"
                },
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3610",
        "datePublished": "2019-02-13T17:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:29.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6755 (GCVE-0-2018-6755)

    Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Weak Directory Permission Vulnerability
    Summary
    Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Weak Directory Permission Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Weak Directory Permission\u00a0Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6755",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Weak Directory Permission\u00a0Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6755",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6756 (GCVE-0-2018-6756)

    Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Authentication Abuse vulnerability
    Summary
    Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
    CWE
    • Authentication Abuse vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Abuse vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6756",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Abuse vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6756",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6757 (GCVE-0-2018-6757)

    Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) Windows Client - Privilege Escalation vulnerability
    Summary
    Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • Privilege Escalation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 5.1.230.7 , ≤ 5.1.230.7 (custom)
    Create a notification for this product.
    Date Public
    2018-12-06 00:00
    Credits
    McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45961/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.230.7",
                  "status": "affected",
                  "version": "5.1.230.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "45961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45961/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
            }
          ],
          "source": {
            "advisory": "TS102872",
            "discovery": "EXTERNAL"
          },
          "title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6757",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "5.1.230.7",
                                "version_value": "5.1.230.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45961/"
                },
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
                }
              ]
            },
            "source": {
              "advisory": "TS102872",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6757",
        "datePublished": "2018-12-06T23:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6700 (GCVE-0-2018-6700)

    Vulnerability from cvelistv5 – Published: 2018-09-24 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) - DLL Search Order Hijacking vulnerability
    Summary
    DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
    CWE
    • DLL Search Order Hijacking vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key (TK) Affected: 5.1.165 , < 5.1.165 (custom)
    Create a notification for this product.
    Date Public
    2018-09-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key (TK)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "5.1.165",
                  "status": "affected",
                  "version": "5.1.165",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Search Order Hijacking vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-24T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
            }
          ],
          "source": {
            "advisory": "TS102846",
            "discovery": "UNKNOWN"
          },
          "title": "True Key (TK) - DLL Search Order Hijacking vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6700",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) - DLL Search Order Hijacking vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key (TK)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "5.1.165",
                                "version_value": "5.1.165"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Search Order Hijacking vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
                }
              ]
            },
            "source": {
              "advisory": "TS102846",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6700",
        "datePublished": "2018-09-24T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6682 (GCVE-0-2018-6682)

    Vulnerability from cvelistv5 – Published: 2018-09-24 12:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    True Key (TK) - Cross Site Scripting Exposure
    Summary
    Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
    CWE
    • Cross Site Scripting Exposure
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key (TK) Affected: 4.0.0.0 , ≤ 4.0.0.0 (custom)
    Create a notification for this product.
    Date Public
    2018-08-08 00:00
    Credits
    McAfee credits YoKo Kho for reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "True Key (TK)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.0.0",
                  "status": "affected",
                  "version": "4.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits YoKo Kho for reporting this flaw."
            }
          ],
          "datePublic": "2018-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting Exposure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-24T11:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
            }
          ],
          "source": {
            "advisory": "TS102825",
            "discovery": "USER"
          },
          "title": "True Key (TK) - Cross Site Scripting Exposure",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6682",
              "STATE": "PUBLIC",
              "TITLE": "True Key (TK) - Cross Site Scripting Exposure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key (TK)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_name": "4.0.0.0",
                                "version_value": "4.0.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits YoKo Kho for reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
                }
              ]
            },
            "source": {
              "advisory": "TS102825",
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6682",
        "datePublished": "2018-09-24T12:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6661 (GCVE-0-2018-6661)

    Vulnerability from cvelistv5 – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
    VLAI
    Title
    TS102801 True Key DLL Side-Loading vulnerability
    Summary
    DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
    CWE
    • DLL Side-Loading vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee True Key Affected: 4.20.110 , < 4.20.110 (custom)
    Create a notification for this product.
    Date Public
    2018-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "True Key",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "4.20.110",
                  "status": "affected",
                  "version": "4.20.110",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Side-Loading vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-02T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
            }
          ],
          "source": {
            "advisory": "TS102801",
            "discovery": "EXTERNAL"
          },
          "title": "TS102801 True Key DLL Side-Loading vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
              "ID": "CVE-2018-6661",
              "STATE": "PUBLIC",
              "TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "True Key",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.20.110",
                                "version_value": "4.20.110"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Side-Loading vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
                }
              ]
            },
            "source": {
              "advisory": "TS102801",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6661",
        "datePublished": "2018-04-02T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:31.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }