Latest CVE Feed
-
8.2
HIGHCVE-2017-3969
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.... Read more
Affected Products : network_security_manager- Published: Apr. 04, 2018
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2017-3968
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the data... Read more
- Published: Jun. 13, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-3967
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML fra... Read more
Affected Products : network_security_manager- Published: Apr. 04, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-3966
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the expo... Read more
Affected Products : network_security_manager- Published: Apr. 04, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-3965
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or... Read more
Affected Products : network_security_manager- Published: Apr. 04, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-3964
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.... Read more
Affected Products : network_security_manager- Published: Apr. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-3962
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.... Read more
Affected Products : network_security_manager- Published: Jun. 12, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-3961
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attribut... Read more
Affected Products : network_security_manager- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-3960
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.... Read more
Affected Products : network_security_manager- Published: Jun. 12, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-3936
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it in... Read more
Affected Products : epolicy_orchestrator- Published: Jun. 13, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-3912
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.... Read more
- Published: Sep. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-3907
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified ... Read more
Affected Products : mcafee_threat_intelligence_exchange- Published: Jun. 13, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-3776
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.... Read more
Affected Products : lenovo_help- Published: Apr. 19, 2018
- Modified: Nov. 21, 2024
-
6.9
MEDIUMCVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.... Read more
- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-3774
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providin... Read more
Affected Products : system_x3100_m4 system_x3250_m4 system_x3300_m4 system_x3500_m4 system_x3530_m4 system_x3550_m4 system_x3630_m4 system_x3650_m4 system_x3650_m4_hd system_x3750_m4 +34 more products- Published: Apr. 19, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failure... Read more
Affected Products : bladecenter_hs22_firmware bladecenter_hs23_firmware bladecenter_hs23e_firmware flex_system_x220_m4_firmware flex_system_x222_m4_firmware flex_system_x240_m4_firmware flex_system_x280_m4_firmware flex_system_x440_m4_firmware flex_system_x480_m4_firmware flex_system_x880_m4_firmware +74 more products- Published: Jan. 26, 2018
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2017-3765
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. T... Read more
Affected Products : enterprise_network_operating_system flex_system_fabric_cn4093_10gb_converged_scalable_switch flex_system_fabric_en4093r_10gb_scalable_switch flex_system_fabric_si4093_10gb_system_interconnect_module flex_system_si4091_system_interconnect_module rackswitch_g7028 rackswitch_g7052 rackswitch_g8052 rackswitch_g8124e rackswitch_g8264 +20 more products- Published: Jan. 10, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-3762
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with... Read more
- Published: Jan. 26, 2018
- Modified: Nov. 21, 2024
-
6.2
MEDIUMCVE-2017-3718
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access.... Read more
Affected Products : nuc_kit_firmware compute_card_firmware compute_stick_firmware nuc_kit_nuc7cjyh nuc_kit_d33217gke nuc_kit_d53427rke nuc_kit_d54250wyb nuc_kit_de3815tybe nuc_kit_dn2820fykh nuc_kit_nuc5cpyh +19 more products- Published: Jan. 10, 2019
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2017-3226
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read e... Read more
Affected Products : u-boot- Published: Jul. 24, 2018
- Modified: Nov. 21, 2024