Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Web_gateway
(Mcafee)Repositories | https://github.com/Perl/perl5 |
#Vulnerabilities | 41 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-09-15 | CVE-2020-7293 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | Web_gateway | 9.0 | ||
2020-09-15 | CVE-2020-7294 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | Web_gateway | 4.6 | ||
2020-09-15 | CVE-2020-7295 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | Web_gateway | 4.6 | ||
2020-09-15 | CVE-2020-7296 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | Web_gateway | 5.7 | ||
2020-09-16 | CVE-2020-7297 | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | Web_gateway | 5.7 | ||
2021-02-17 | CVE-2021-23885 | Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. | Web_gateway | 8.8 | ||
2021-03-25 | CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten.... | Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Cloud_volumes_ontap_mediator, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider_firmware, Storagegrid, Storagegrid_firmware, Node\.js, Openssl, Commerce_guided_search, Enterprise_manager_for_storage_management, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Secure_global_desktop, Weblogic_server, Capture_client, Email_security, Sma100_firmware, Sonicos, Nessus, Nessus_agent, Nessus_network_monitor, Linux | 7.4 | ||
2016-06-09 | CVE-2016-4448 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Icewall_federation_agent, Web_gateway, Linux, Vm_server, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Slackware_linux, Log_correlation_engine, Libxml2 | 9.8 | ||
2016-06-09 | CVE-2016-4447 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Web_gateway, Vm_server, Libxml2 | 7.5 | ||
2017-06-19 | CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | Debian_linux, Glibc, Web_gateway, Suse_linux_enterprise_desktop, Suse_linux_enterprise_point_of_sale, Suse_linux_enterprise_server, Cloud_magnum_orchestration, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_long_life, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_for_sap, Linux_enterprise_server, Linux_enterprise_server_for_raspberry_pi, Linux_enterprise_software_development_kit | 7.8 |