CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7292 – Web Gateway (MWG) - Inappropriate Encoding for output context
https://notcve.org/view.php?id=CVE-2020-7292
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. Una Codificación Inapropiada para el contexto de salida en McAfee Web Gateway (MWG) versiones anteriores a 9.2.1, permite al atacante remoto causar que MWG devuelva una respuesta de redireccionamiento ambigua haciendo que un usuario haga clic en una URL maliciosa. • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-838: Inappropriate Encoding for Output Context •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3638 – Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2019-3638
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en la consola web Administrators en McAfee Web Gateway (MWG) versiones 7.8.x anteriores a 7.8.2.13, permite a atacantes remotos recolectar información confidencial o ejecutar comandos con las credenciales del administrador de MWG mediante el engaño del administrador para que haga clic sobre un enlace malicioso cuidadosamente construido. • https://kc.mcafee.com/corporate/index?page=content&id=SB10294 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3644 – MWG scanners updated to address CVE-2019-9517
https://notcve.org/view.php?id=CVE-2019-3644
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. McAfee Web Gateway (MWG) versiones anteriores a 7.8.2.13, es vulnerable para un atacante remoto que explota el CVE-2019-9517, conllevando potencialmente a una denegación de servicio. Esto afecta los proxies de escaneo. • https://kc.mcafee.com/corporate/index?page=content&id=SB10296 •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3643 – MWG scanners updated to address CVE-2019-9511
https://notcve.org/view.php?id=CVE-2019-3643
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. McAfee Web Gateway (MWG) versiones anteriores a 7.8.2.13 es vulnerable para un atacante remoto que explota el CVE-2019-9511, conllevando potencialmente a una denegación de servicio. Esto afecta a los proxies de escaneo. • https://kc.mcafee.com/corporate/index?page=content&id=SB10296 •
CVSS: 7.8EPSS: 1%CPEs: 35EXPL: 0CVE-2019-9518 – Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://seclists.org/fulldisclosure/2019/Aug/16 https://access.redhat.com/errata/RHSA-2019:2925 https://access.redhat.com/errata/RHSA-2019:2939 https://access.redhat.com/errata/RHSA-2019:2955 https://access.redhat.com/errata/RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:4352 https://access.redhat.com/errata/RHSA-2020:0727 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •