9 matches found
CVE-2015-7704
CVE-2015-7704 describes a denial-of-service in ntpd caused by handling of Kiss-of-Death (KoD) messages. The issue arises from KoD processing that could delay or stop querying time sources. Affected software: ntpd in NTP 4.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77. Impact: unauthenticated remot...
CVE-2019-3644
CVE-2019-9517 is a denial-of-service vulnerability in McAfee Web Gateway (MWG) scanners exposed in MWG versions before 7.8.2.13. The issue arises from unconstrained interal data buffering in HTTP/2, where an attacker can flood a connection with requests and exhaust resources on the server. Affect...
CVE-2019-3643
CVE-2019-3643 relates to McAfee Web Gateway (MWG) older than 7.8.2.13 and is described as vulnerable to CVE-2019-9511, potentially causing a denial of service. The Connected documents provide no additional MWG-specific technical details, remediation, or confirmed exploit information in this set. ...
CVE-2019-3629
McAfee Enterprise Security Manager (ESM) has an authorization issue that allows an unauthenticated user to impersonate system users via specially crafted parameters. Affected versions are ESM prior to 11.2.0 and prior to 10.4.0. This is a protection bypass vulnerability in the application itself....
CVE-2019-3630
CVE-2019-3630 affects McAfee Enterprise Security Manager (ESM). An authenticated user can trigger a command injection via specially crafted parameters, allowing execution of arbitrary code on affected systems. Affected versions are ESM prior to 11.2.0 and prior to 10.4.0. The vulnerability stems ...
CVE-2019-3632
CVE-2019-3632 affects McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0. A directory traversal vulnerability allows an authenticated user to gain elevated privileges via specially crafted input, due to insufficient restrictions on path names. In practice, exploitation w...
CVE-2019-3631
McAfee Enterprise Security Manager (ESM) is affected by a command injection vulnerability (CVE-2019-3631) in versions prior to 11.2.0 and prior to 10.4.0. The issue arises from input that can be crafted by anAuthenticated user to cause arbitrary code execution. Impact is described as remote code ...
CVE-2019-3628
CVE-2019-3628 affects McAfee Enterprise Security Manager (ESM) 11.x before 11.2.0. An authenticated user can exploit incorrect access control to escalate privileges and access a core system component. Impact is described as privilege escalation with access to core components; remediation is to up...
CVE-2015-7310
McAfee Enterprise Security Manager (ESM), ESMLM, and ESMREC are affected by CVE-2015-7310. Versions prior to 9.3.2MR18, 9.4.x prior to 9.4.2MR8, and 9.5.x prior to 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename when downloading a file, due to imp...