Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Web_gateway
(Mcafee)Repositories | https://github.com/Perl/perl5 |
#Vulnerabilities | 41 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-15 | CVE-2020-7292 | Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. | Web_gateway | 4.3 | ||
2020-09-15 | CVE-2020-7293 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | Web_gateway | 9.0 | ||
2020-09-15 | CVE-2020-7294 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | Web_gateway | 4.6 | ||
2020-09-15 | CVE-2020-7295 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | Web_gateway | 4.6 | ||
2020-09-15 | CVE-2020-7296 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | Web_gateway | 5.7 | ||
2020-09-16 | CVE-2020-7297 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | Web_gateway | 5.7 | ||
2021-02-17 | CVE-2021-23885 | Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. | Web_gateway | 8.8 | ||
2021-03-25 | CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten.... | Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Cloud_volumes_ontap_mediator, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider_firmware, Storagegrid, Storagegrid_firmware, Node\.js, Openssl, Commerce_guided_search, Enterprise_manager_for_storage_management, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Secure_global_desktop, Weblogic_server, Capture_client, Email_security, Sma100_firmware, Sonicos, Nessus, Nessus_agent, Nessus_network_monitor, Linux | 7.4 | ||
2016-06-09 | CVE-2016-4448 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Icewall_federation_agent, Web_gateway, Linux, Vm_server, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Slackware_linux, Log_correlation_engine, Libxml2 | 9.8 | ||
2016-06-09 | CVE-2016-4447 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Web_gateway, Vm_server, Libxml2 | 7.5 |