CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3643 – MWG scanners updated to address CVE-2019-9511
https://notcve.org/view.php?id=CVE-2019-3643
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. McAfee Web Gateway (MWG) versiones anteriores a 7.8.2.13 es vulnerable para un atacante remoto que explota el CVE-2019-9511, conllevando potencialmente a una denegación de servicio. Esto afecta a los proxies de escaneo. • https://kc.mcafee.com/corporate/index?page=content&id=SB10296 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3639 – MWG UI: Cross-Frame Scripting vulnerability
https://notcve.org/view.php?id=CVE-2019-3639
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. Una vulnerabilidad de secuestro de cliqueo en la consola web Administrator en McAfee Web Gateway (MWG) versiones 7.8.2.x anteriores a 7.8.2.12, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de una página web diseñada que contiene un iframe mediante el no envío de un encabezado HTTP X-Frame-Options. • https://kc.mcafee.com/corporate/index?page=content&id=SB10293 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3635 – MWG Proxy: Cross-Frame Scripting vulnerability
https://notcve.org/view.php?id=CVE-2019-3635
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe. Una exfiltración de Datos en McAfee Web Gateway (MWG) versiones 7.8.2.x anteriores a 7.8.2.12, permite a los atacantes obtener datos confidenciales mediante el diseño de una página web compleja que activará la Puerta de Enlace Web para bloquear al usuario que acceda a un iframe. • https://kc.mcafee.com/corporate/index?page=content&id=SB10293 •
CVSS: 7.8EPSS: 4%CPEs: 42EXPL: 0CVE-2019-9513 – Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Algunas implementaciones de HTTP / 2 son vulnerables a los bucles de recursos, lo que puede conducir a una denegación de servicio. El atacante crea múltiples flujos de solicitud y baraja continuamente la prioridad de los flujos de una manera que provoca un cambio considerable en el árbol de prioridad. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html https://access.redhat.com/errata/RHSA-2019:2692 https:/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 3%CPEs: 44EXPL: 0CVE-2019-9515 – Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9515
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de configuraciones, lo que puede conducir a una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://seclists.org/fulldisclosure/2019/Aug/16 https://access.redhat.com/errata/RHSA-2019:2766 https://access.redhat.com/errata/RHSA-2019:2796 https://access.redhat.com/errata/RHSA-2019:2861 https://access.redhat.com/errata/RHSA-2019:2925 https://access.redhat.com/errata/RHSA-2019:2939 https://access.redhat.com/errata/RHSA-2019:2955 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •