Security Vulnerabilities - CVEs Published In June 2020
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-06-10
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
CVSS Score
4.6
EPSS Score
0.0
Published
2020-06-10
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-06-10
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.
CVSS Score
5.9
EPSS Score
0.0
Published
2020-06-10
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-06-10
The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.
CVSS Score
8.8
EPSS Score
0.011
Published
2020-06-09
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
CVSS Score
6.4
EPSS Score
0.0
Published
2020-06-09
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2020-06-09
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2020-06-09
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2020-06-09