31 matches found
CVE-2004-0230
Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.
CVE-2017-4011
McAfee Network Data Loss Prevention (NDLP) 9.3.x is affected by a Cross‑Site Scripting (XSS) vulnerability in the server (notably via the User‑Agent header as per the nuclei template) that allowed remote attackers to view session/cookie data by modifying HTTP requests. Exploitation details are pr...
CVE-2017-3934
CVE-2017-3934 affects McAfee Network Data Loss Prevention (NDLP) server v9.3.x. The vulnerability is due to missing HTTP Strict Transport Security (HSTS) state, enabling MITM attackers to access confidential data by reading files on the web server. Descriptions in connected CNVD/NVD entries corro...
CVE-2017-4013
CVE-2017-4013 concerns the McAfee Network Data Loss Prevention (NDLP) server. The connected sources describe a banner/info-disclosure vulnerability in NDLP 9.3.x where remote attackers can obtain product information through HTTP response headers. No details about vulnerable subsystems, exact root...
CVE-2017-4017
McAfee Network Data Loss Prevention (NDLP) 9.3.x contains an information disclosure vulnerability in the server implementation that allows remote attackers to view user information via the appliance web interface. Public sources in connected documents corroborate that an attacker can exploit the ...
CVE-2017-4015
CVE-2017-4015 affects McAfee Network Data Loss Prevention (NDLP) 9.3.x. A remote authenticated attacker can hijack the victim’s click actions by sending specially crafted HTTP response headers to inject arbitrary web scripts/HTML. Root cause: improper validation of user-supplied HTTP response hea...
CVE-2014-8528
CVE-2014-8528 affects McAfee Network Data Loss Prevention (NDLP) prior to 9.3. The issue is that session IDs are logged, allowing local users to read the audit log and obtain sensitive information (partial confidentiality impact). No remediation or patch/version details are provided in the suppli...
CVE-2014-8520
CVE-2014-8520 affects McAfee Network Data Loss Prevention (NDLP) older than version 9.3. Public sources describe an information disclosure vulnerability where remote attackers can obtain sensitive data via vectors related to open network ports. The available documents do not provide specific tech...
CVE-2014-8522
CVE-2014-8522 concerns the MySQL database component used by McAfee Network Data Loss Prevention (NDLP). The vulnerability stems from the NDLP deployment permitting unauthenticated access to its MySQL database prior to version 9.3, meaning remote attackers could gain access without credentials. Pu...
CVE-2014-8525
CVE-2014-8525 affects McAfee Network Data Loss Prevention (NDLP) prior to 9.3, where the session cookie Set-Cookie header omits the HttpOnly flag. This allows script access to the cookie, potentially exposing sensitive information. The provided sources describe the issue but do not specify affect...
CVE-2017-3968
CVE-2017-3968 concerns a session fixation vulnerability in the web interface of McAfee Network Security Manager (NSM) and Network Data Loss Prevention (NDLP). The issue allows remote attackers to disclose sensitive information or manipulate the underlying database by exploiting a crafted authenti...
CVE-2014-8535
CVE-2014-8535 affects McAfee Network Data Loss Prevention (NDLP) prior to version 9.2.2. The vulnerability allows local users to bypass a restriction on an unspecified functionality via unknown vectors. The provided documents identify the affected product and version and describe the impact (bypa...
CVE-2017-3935
CVE-2017-3935 affects McAfee Network Data Loss Prevention (NDLP). All connected sources describe a MIME type sniffing vulnerability where the response body could be interpreted/displayed as a content type different from the intended one, potentially impacting how IE renders the content. The root ...
CVE-2014-8530
The vulnerability CVE-2014-8530 affects McAfee Network Data Loss Prevention (NDLP) before version 9.3. It is described as an unspecified vulnerability allowing remote attackers to obtain sensitive information, impact integrity, or cause a denial of service via unknown vectors, with the issue rela...
CVE-2017-4012
CVE-2017-4012 affects McAfee Network Data Loss Prevention (NDLP) server components in NDLP 9.3.x. The vulnerability allows remote authenticated users to view confidential information by modifying an HTTP request, constituting a privilege-escalation issue. Documents consistently describe impact as...
CVE-2017-4014
CVE-2017-4014 affects McAfee Network Data Loss Prevention (NDLP) 9.3.x. The vulnerability is described as a session-side hijack in the server, allowing remote authenticated users to view, add, and remove users by modifying HTTP requests. Affected component is the server implementation of NDLP 9.3...
CVE-2017-4016
CVE-2017-4016 affects McAfee Network Data Loss Prevention (NDLP) 9.3.x. The Web server allows information disclosure through HTTP response headers, enabling remote attackers to reveal additional vulnerabilities via the header leakage. CVSS data indicates network access with low privileges and par...
CVE-2017-3933
McAfee Network Data Loss Prevention (NDLP) 9.3.x is affected by a vulnerability described as Embedding Script (XSS) in HTTP Headers, allowing remote authenticated users to view confidential information via a cross-site request forgery (CSRF) attack. The issue, as documented across multiple source...
CVE-2014-8519
McAfee Network Data Loss Prevention (NDLP)
CVE-2014-8534
Technical details such as affected products/versions, root cause, exploitability, or fixes are not publicly provided in the connected documents. Monitor for updates from vendors and advisories to obtain concrete information.
CVE-2014-8524
CVE-2014-8524 affects McAfee Network Data Loss Prevention (NDLP) prior to version 9.3. The vulnerability arises because the autocomplete setting for passwords and other fields is not disabled, allowing remote attackers to obtain sensitive information via unspecified vectors. This is corroborated ...
CVE-2014-8529
CVE-2014-8529 affects McAfee Network Data Loss Prevention (NDLP) prior to version 9.3. The issue is that the product stores the SSH key in cleartext, enabling local users to obtain sensitive information via unspecified vectors. The documents provide the vulnerability presence and its information-...
CVE-2014-8532
Technical details about CVE-2014-8532 are not publicly available in the provided documents. The records describe an unspecified vulnerability in McAfee NDLP prior to 9.3 but do not specify affected components, root cause, or fixes. Monitor for updates.
CVE-2014-8526
McAfee Network Data Loss Prevention (NDLP) prior to version 9.3 is affected by a local information-disclosure vulnerability where an attacker can read a Java stack trace to obtain sensitive information. The available documents confirm the affected product and symptom (stack trace exposure) and th...
CVE-2014-8537
CVE-2014-8537 affects McAfee Network Data Loss Prevention (NDLP) prior to version 9.2.2. The vulnerability allows local users to obtain sensitive information by reading NDLP logs. The available documents confirm the affected product and the basic impact (information disclosure via logs); a deeper...
CVE-2014-8523
CVE-2014-8523 describes a CSRF vulnerability in McAfee Network Data Loss Prevention (NDLP) prior to version 9.3. The flaw could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors; the exact attack vectors and exploited components are not detailed in the...
CVE-2014-8527
CVE-2014-8527 affects McAfee Network Data Loss Prevention (NDLP) prior to 9.3. The issue allows local users to obtain sensitive information and affect integrity through vectors related to a plain text password. The description provides affected product and root cause (plain text password handling...
CVE-2014-8531
The CVE-2014-8531 entry concerns McAfee Network Data Loss Prevention (NDLP) TLS/SSL Server prior to version 9.3. The issue is that the TLS/SSL Server uses weak cipher algorithms, enabling remote authenticated users to execute arbitrary code via unspecified vectors. Documents explicitly link the v...
CVE-2014-8536
CVE-2014-8536 affects McAfee Network Data Loss Prevention (NDLP) prior to version 9.2.2. The issue is a local information-disclosure vulnerability where local users can obtain sensitive data by reading unspecified error messages. Affected component is NDLP; root cause described as error messaging...
CVE-2014-8521
CVE-2014-8521 is an XSS vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3, where remote authenticated users can inject arbitrary web script or HTML via unspecified vectors. The NVD entry assigns a low impact (CVSSv2 base score 3.5) with network access and partial integrity im...
CVE-2014-8533
CVE-2014-8533 affects McAfee Network Data Loss Prevention (NDLP) prior to version 9.3. The issue allows remote attackers to execute arbitrary code via vectors related to ICMP redirection, resulting in potential impact to confidentiality, integrity, and availability as stated by NVD (base score 7....