CVE-2018-6674

LOW Year: 2018
CVSS v3 Score
3.9
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-264
View all →

Vulnerability Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

Related Vulnerabilities

CVE-2015-7408

LOW
CVSS:3.7(Low)

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers t...

CWE-2642015

CVE-2016-1183

LOW
CVSS:3.7(Low)

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-exten...

CWE-2642016

CVE-2016-7903

LOW
CVSS:3.7(Low)

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

CWE-2642016

CVE-2017-18399

LOW
CVSS:3.7(Low)

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).

CWE-2642017

CVE-2019-3637

MEDIUM
CVSS:4.1(Medium)

Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.

CWE-2642019

CVE-2015-5233

MEDIUM
CVSS:4.2(Medium)

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary ho...

CWE-2642015