Total
324377 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-4028 | 2 Mcafee, Microsoft | 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more | 2024-11-21 | N/A |
| Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | ||||
| CVE-2017-3972 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. | ||||
| CVE-2017-3971 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. | ||||
| CVE-2017-3969 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. | ||||
| CVE-2017-3968 | 1 Mcafee | 2 Network Data Loss Prevention, Network Security Manager | 2024-11-21 | N/A |
| Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | ||||
| CVE-2017-3967 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames. | ||||
| CVE-2017-3966 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. | ||||
| CVE-2017-3965 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | ||||
| CVE-2017-3964 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. | ||||
| CVE-2017-3962 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | ||||
| CVE-2017-3961 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | ||||
| CVE-2017-3960 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | ||||
| CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A |
| OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | ||||
| CVE-2017-3912 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | N/A |
| Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. | ||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2024-11-21 | N/A |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | ||||
| CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2024-11-21 | N/A |
| Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | ||||
| CVE-2017-3775 | 1 Lenovo | 22 Flex System X240 M5, Flex System X240 M5 Bios, Flex System X280 X6 and 19 more | 2024-11-21 | N/A |
| Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. | ||||
| CVE-2017-3774 | 2 Ibm, Lenovo | 43 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 40 more | 2024-11-21 | N/A |
| A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption. | ||||
| CVE-2017-3768 | 2 Ibm, Lenova | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-11-21 | N/A |
| An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | ||||
| CVE-2017-3765 | 2 Ibm, Lenovo | 30 1g L2-7 Slb Switch For Bladecenter, Bladecenter 1\, Bladecenter Layer 2\/3 Copper Ethernet Switch Module and 27 more | 2024-11-21 | N/A |
| In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. | ||||