CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4592
https://notcve.org/view.php?id=CVE-2012-4592
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Portal en McAfee Enterprise Mobility Manager (EMM) anteriores a v10.0 no fija el "flag" de seguridad para la cookie de sesión para ASP.NET en una sesión https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisión en la sesión http. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78220 https://kc.mcafee.com/corporate/index?page=content&id=SB10022 •
CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5117
https://notcve.org/view.php?id=CVE-2009-5117
The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files. La funcionalidad Web Post Protection en McAfee Host Data Loss Prevention (DLP) v3.x anteriores a v3.0.100.10 y v9.x anteriores a v9.0.0.422, cunado el modo HTTP Capture está activado, permite a usuarios locales a obtener información sensible del tráfico web leyendo ficheros no especificados. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78447 https://kc.mcafee.com/corporate/index?page=content&id=SB10011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4583
https://notcve.org/view.php?id=CVE-2012-4583
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten a usuarios remotos autenticados obtener tokens de sesión de usuarios de su elección, navegando en el 'Dashboard'. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 2%CPEs: 2EXPL: 1CVE-2010-3496
https://notcve.org/view.php?id=CVE-2010-3496
McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. McAfee VirusScan Enterprise v8.5i y v8.7i no interactúan de forma adecuada con el procesado de URLs hcp:// debido a la ayuda y centro de soporte de Microsoft, lo que facilita a los atacantes remotos ejecutar código a través de malware que se detecta correctamente por este producto, pero con una detección que se produce demasiado tarde para detener la ejecución de código. • http://www.n00bz.net/antivirus-cve http://www.securityfocus.com/archive/1/514356 https://kc.mcafee.com/corporate/index?page=content&id=SB10012 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2212 – McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
https://notcve.org/view.php?id=CVE-2012-2212
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers ** CONTROVERTIDO ** McAfee Web Gateway v7.0 permite a atacantes remotos evitar la configuración de acceso para el método CONNECT, proporcionando un nombre de host arbitraria en la cabecera 'Host HTTP'. NOTA: este problema no puede ser reproducible, porque el investigador no proporcionó detalles de la configuración para el sistema vulnerable, y el comportamiento observado podría ser compatible con una configuración que fue (tal vez sin darse cuenta) diseñada para permitir el acceso basado en cabeceras 'Host HTTP'. • http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html • CWE-264: Permissions, Privileges, and Access Controls •