VYPR

Network Data Loss Prevention

by McAfee

CVEs (31)

  • CVE-2017-4014HigMay 17, 2017
    risk 0.52cvss 8.0epss 0.01

    Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.

  • CVE-2017-3968HigJun 13, 2018
    risk 0.49cvss 7.5epss 0.01

    Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted…

  • CVE-2017-3935HigOct 31, 2017
    risk 0.49cvss 7.5epss 0.01

    Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended…

  • CVE-2017-4012MedMay 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.

  • CVE-2017-4011MedMay 17, 2017
    risk 0.40cvss 6.1epss 0.03

    Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

  • CVE-2017-3934MedOct 31, 2017
    risk 0.38cvss 5.9epss 0.01

    Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.

  • CVE-2017-3933MedOct 31, 2017
    risk 0.35cvss 5.4epss 0.01

    Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.

  • CVE-2017-4017MedMay 17, 2017
    risk 0.35cvss 5.3epss 0.01

    User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.

  • CVE-2017-4016MedMay 17, 2017
    risk 0.35cvss 5.3epss 0.01

    Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.

  • CVE-2017-4013MedMay 17, 2017
    risk 0.35cvss 5.3epss 0.01

    Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.

  • CVE-2017-4015MedMay 17, 2017
    risk 0.29cvss 4.5epss 0.01

    Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.

  • CVE-2004-0230Aug 18, 2004
    risk 0.09cvss epss 0.81

    TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections,…

  • CVE-2014-8537Oct 29, 2014
    risk 0.00cvss epss 0.00

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.

  • CVE-2014-8536Oct 29, 2014
    risk 0.00cvss epss 0.00

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.

  • CVE-2014-8535Oct 29, 2014
    risk 0.00cvss epss 0.00

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors.

  • CVE-2014-8534Oct 29, 2014
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.

  • CVE-2014-8533Oct 29, 2014
    risk 0.00cvss epss 0.02

    McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection.

  • CVE-2014-8532Oct 29, 2014
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting.

  • CVE-2014-8531Oct 29, 2014
    risk 0.00cvss epss 0.02

    The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors.

  • CVE-2014-8530Oct 29, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins.

Page 1 of 2