CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7268 – McAfee Email Gateway (MEG) - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2020-7268
16 Sep 2020 — Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. Una vulnerabilidad de Salto de Directorio en McAfee Email Gateway (MEG) versiones anteriores a 7.6.406, permite a atacantes remotos saltar el sistema de archivos para acceder a archivos o directorios que están f... • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8005
https://notcve.org/view.php?id=CVE-2016-8005
14 Mar 2017 — File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. Vulnerabilidad de filtrado de extensión de archivo en Intel Security McAfee Email Gateway (MEG) en versiones anteriores a 7.6.404h1128596 permite a atacantes no identificar el nombre de archivo correctamente a través del escaneo de un cor... • https://kc.mcafee.com/corporate/index?page=content&id=SB10161 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3969
https://notcve.org/view.php?id=CVE-2016-3969
06 Apr 2016 — Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. Vulnerabilidad de XSS en McAfee Email Gateway (MEG) 7.6.x en versiones anteriores a 7.6.404, cuando File Filtering está habilitado con la acción establecida a ESERVICES:REPLACE, permite a atacantes remotos inyectar secuencias de comandos web o H... • http://www.securitytracker.com/id/1035470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1619
https://notcve.org/view.php?id=CVE-2015-1619
17 Feb 2015 — Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Vulnerabilidad de XSS en la interfaz del usuarios de Secure Web Mail Client en McAfee Email Gateway (MEG) 7.6.x anterior a 7.6.3.2, 7.5.x anterior a 75.6, 7.0.x hasta 7.0.5, 5.6, y anteriores permite a... • https://kc.mcafee.com/corporate/index?page=content&id=SB10099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2013-7103
https://notcve.org/view.php?id=CVE-2013-7103
14 Dec 2013 — McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. McAfee Email Gateway 7.6 permite a los administradores remotos autenticados ejecutar comandos arbitrarios mediante metacaracteres de shell en el atributo valor en,(1) un elemento TestFile XML o , (2) el nombre de hos... • http://osvdb.org/100581 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2013-7104
https://notcve.org/view.php?id=CVE-2013-7104
14 Dec 2013 — McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. McAfee Email Gateway 7.6 permite a los administradores remotos autenticados ejecutar comandos arbitrarios especificando en el atributo valor en un Comando(1) o el elemento de script XML(2). NOTA: este problema se puede combinar c... • http://osvdb.org/100581 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2013-7092
https://notcve.org/view.php?id=CVE-2013-7092
13 Dec 2013 — Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. Múltiples vulnerabilidades de inyección SQL en / admin/cgi-bin/rpc/doReport/18 en McAfee Email Gateway 7.6 permiten a los usuarios remotos autenticados ejecutar comandos SQL a través de las claves: (1) events_col, (2) e... • http://osvdb.org/100582 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6349
https://notcve.org/view.php?id=CVE-2013-6349
02 Nov 2013 — McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors. McAfee Email Gateway (MEG) 7.0 antes de 7.0.4 y 7.5 antes de 7.5.1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://osvdb.org/98669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4580
https://notcve.org/view.php?id=CVE-2012-4580
22 Aug 2012 — Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión v3 y McAfee Email Gateway... • https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •