VYPR

Web Gateway

by McAfee

CVEs (31)

  • CVE-2018-6667CriJun 26, 2018
    risk 0.65cvss 10.0epss 0.04

    Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).

  • CVE-2016-4448CriJun 9, 2016
    risk 0.64cvss 9.8epss 0.07

    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

  • CVE-2018-6678CriJul 23, 2018
    risk 0.59cvss 9.1epss 0.01

    Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.

  • CVE-2018-6677CriJul 23, 2018
    risk 0.59cvss 9.1epss 0.02

    Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.

  • CVE-2017-1000366HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2016-4447HigJun 9, 2016
    risk 0.50cvss 7.5epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-1762HigMar 24, 2016
    risk 0.46cvss 8.1epss 0.06

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1840HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.03

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2016-1834HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.05

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2016-1839MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1838MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML…

  • CVE-2016-1837MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.04

    Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial…

  • CVE-2016-1836MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.04

    Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1833MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.03

    The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2022-1254Apr 20, 2022
    risk 0.00cvss epss 0.01

    A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by…

  • CVE-2021-23885Feb 17, 2021
    risk 0.00cvss epss 0.01

    Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

  • CVE-2020-7297Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.

  • CVE-2020-7296Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.

  • CVE-2020-7295Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.

  • CVE-2020-7294Sep 15, 2020
    risk 0.00cvss epss 0.00

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.

Page 1 of 2