McAfee Web Gateway vulnerabilities

42 known vulnerabilities affecting mcafee/web_gateway.

Total CVEs: 42
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 17, MEDIUM 19

Vulnerabilities

Page 2 of 3
CVE-2019-9513 | HIGH | CVSS 7.5 | CWE-400 | 2019-08-13
Versions: ≥ 7.7.2.0, < 7.7.2.24; ≥ 7.8.2.0, < 7.8.2.13; +1 more
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Source: nvd

CVE-2019-9518 | HIGH | CVSS 7.5 | CWE-400 | 2019-08-13
Versions: ≥ 7.7.2.0, < 7.7.2.24; ≥ 7.8.2.0, < 7.8.2.13; +1 more
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandw
Source: nvd

CVE-2019-9516 | MEDIUM | CVSS 6.5 | CWE-400 | 2019-08-13
Versions: ≥ 7.7.2.0, < 7.7.2.24; ≥ 7.8.2.0, < 7.8.2.13; +1 more
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the
Source: nvd

CVE-2019-6454 | MEDIUM | CVSS 5.5 | CWE-787 | 2019-03-21
Versions: fixed in 7.7.2.21; ≥ 7.8.0, < 7.8.2.8; +1 more
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta
Source: nvd

CVE-2019-1559 | MEDIUM | CVSS 5.9 | CWE-203 | 2019-02-27
Versions: ≥ 7.0.0, < 9.0.0
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
Source: nvd

CVE-2019-9169 | CRITICAL | CVSS 9.8 | CWE-125 | 2019-02-26
Versions: ≥ 7.7.2.0, < 7.7.2.21; ≥ 7.8.2.0, < 7.8.2.8; +1 more
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Source: nvd

CVE-2018-18311 | CRITICAL | CVSS 9.8 | CWE-190 | 2018-12-07
Versions: ≥ 7.7.2, < 7.7.2.21; ≥ 7.8.2, < 7.8.2.8; +1 more
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Source: nvd

CVE-2018-6667 | CRITICAL | CVSS 9.8 | CWE-287 | 2018-06-26
Versions: ≥ 7.8.1.0, < unspecified; ≥ unspecified, ≤ 7.8.1.5
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
Source: cvelistv5, nvd

CVE-2017-1000366 | HIGH | CVSS 7.8 | PoC | CWE-119 | 2017-06-19
Versions: ≤ 7.6.2.14; ≥ 7.7.0.0, ≤ 7.7.2.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploita
Source: nvd

CVE-2016-4448 | CRITICAL | CVSS 9.8 | CWE-134 | 2016-06-09
Versions: ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Source: nvd

CVE-2016-4447 | HIGH | CVSS 7.5 | CWE-119 | 2016-06-09
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Source: nvd

CVE-2016-1834 | HIGH | CVSS 7.8 | CWE-119 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Source: nvd

CVE-2016-1840 | HIGH | CVSS 7.8 | CWE-119 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Source: nvd

CVE-2016-1833 | MEDIUM | CVSS 5.5 | CWE-125 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≤ 7.6.2.3
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Source: nvd

CVE-2016-1839 | MEDIUM | CVSS 5.5 | PoC | CWE-125 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Source: nvd

CVE-2016-1838 | MEDIUM | CVSS 5.5 | PoC | CWE-125 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Source: nvd

CVE-2016-1837 | MEDIUM | CVSS 5.5 | CWE-416 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
Source: nvd

CVE-2016-1836 | MEDIUM | CVSS 5.5 | CWE-416 | 2016-05-20
Versions: ≥ 7.5.0.0, ≤ 7.5.2.10; ≥ 7.6.0.0, ≤ 7.6.2.3
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
Source: nvd

CVE-2016-1762 | HIGH | CVSS 8.1 | CWE-119 | 2016-03-24
Versions: ≤ 7.5.2.10; ≤ 7.6.2.3
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Source: nvd

CVE-2014-6064 | MEDIUM | CVSS 4.0 | CWE-200 | 2014-09-02
Versions: ≥ 7.3.0, < 7.3.2.9; ≥ 7.4.0, < 7.4.2
The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors.
Source: nvd