CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3962 – McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability
https://notcve.org/view.php?id=CVE-2017-3962
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. Vulnerabilidad de explotación de recuperación de contraseña en el mecanismo de autenticación sin estar basado en certificados en McAfee Network Security Management (NSM) en versiones anteriores a la 8.2.7.42.2 permite que atacantes descifren contraseñas de usuario mediante hashes sin sal. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3960 – McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability
https://notcve.org/view.php?id=CVE-2017-3960
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. Vulnerabilidad de explotación de autorización en la interfaz web en McAfee Network Security Management (NSM) en versiones anteriores a la 8.2.7.42.2 permite que usuarios autenticados obtengan privilegios elevados mediante un parámetro HTTP request manipulado. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6670 – External Entity Attack vulnerability in McAfee Common UI (CUI)
https://notcve.org/view.php?id=CVE-2018-6670
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. Vulnerabilidad de ataque de entidad externa en la extensión ePO en McAfee Common UI (CUI) 2.0.2 permite que usuarios remotos autenticados vean información confidencial mediante un parámetro de petición HTTP manipulado. • https://kc.mcafee.com/corporate/index?page=content&id=SB10236 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6662 – SB10232 - McAfee Management of Native Encryption (MNE) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2018-6662
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. Vulnerabilidad de escalado de privilegios en McAfee Management of Native Encryption (MNE) en versiones anteriores a la 4.1.4 permite que usuarios locales obtengan privilegios elevados mediante una entrada de usuario manipulada. • http://www.securityfocus.com/bid/104009 https://kc.mcafee.com/corporate/index?page=content&id=SB10232 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6664 – SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability
https://notcve.org/view.php?id=CVE-2018-6664
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. Vulnerabilidad de omisión de protecciones de aplicación en Microsoft Windows en McAfee Data Loss Prevention (DLP) Endpoint, en versiones anteriores a la 10.0.500, y DLP Endpoint en versiones anteriores a la 11.0.400 permite que usuarios autenticados omitan la acción de bloqueo del producto mediante una utilidad de línea de comandos. • http://www.securityfocus.com/bid/104299 http://www.securitytracker.com/id/1040895 https://kc.mcafee.com/corporate/index?page=content&id=SB10233 https://kc.mcafee.com/corporate/index?page=content&id=SB10237 • CWE-347: Improper Verification of Cryptographic Signature •