CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4017
https://notcve.org/view.php?id=CVE-2017-4017
17 May 2017 — User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. Una divulgación de nombres de usuario en el servidor de McAfee Network Data Loss Prevention (NDLP) versiones 9.3.x, permite a los atacantes remotos visualizar la información del usuario por medio de la interfaz web del dispositivo. • http://www.securitytracker.com/id/1038523 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8519
https://notcve.org/view.php?id=CVE-2014-8519
29 Oct 2014 — Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. Vulnerabilidad no especificada en McAfee Network Data Loss Prevention (NDLP) anterior a 9.2.2 permite a usuarios locales leer ficheros arbitrarios a través de vectores desconocidos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10044 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8520
https://notcve.org/view.php?id=CVE-2014-8520
29 Oct 2014 — McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 permite a atacantes remotos obtener información sensible a través de vectores relacionados con puertos de la red abiertos. • http://www.securityfocus.com/bid/70815 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8521
https://notcve.org/view.php?id=CVE-2014-8521
29 Oct 2014 — Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10053 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8522
https://notcve.org/view.php?id=CVE-2014-8522
29 Oct 2014 — The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. La base de datos MySQL en McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 no requiere una contraseña, lo que facilita a atacantes remotos obtener el acceso. • https://kc.mcafee.com/corporate/index?page=content&id=SB10053 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8523
https://notcve.org/view.php?id=CVE-2014-8523
29 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10053 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8524
https://notcve.org/view.php?id=CVE-2014-8524
29 Oct 2014 — McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors. McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 no deshabilita la configuración de autocompletado para la contraseña y otros campos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10053 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8525
https://notcve.org/view.php?id=CVE-2014-8525
29 Oct 2014 — McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través del acceso de secue... • http://www.securityfocus.com/bid/70823 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8526
https://notcve.org/view.php?id=CVE-2014-8526
29 Oct 2014 — McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 permite a usuarios locales obtener información sensible mediante la lectura de una traza de pilas Java. • https://kc.mcafee.com/corporate/index?page=content&id=SB10053 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8527
https://notcve.org/view.php?id=CVE-2014-8527
29 Oct 2014 — McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password." McAfee Network Data Loss Prevention (NDLP) anterior a 9.3 permite a usuarios locales obtener información sensible y afectar la integridad a través de vectores relacionados con una 'contraseña de texto plano.' • https://kc.mcafee.com/corporate/index?page=content&id=SB10053 • CWE-255: Credentials Management Errors •