CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1254 – SWG URL redirection vulnerability
https://notcve.org/view.php?id=CVE-2022-1254
20 Apr 2022 — A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. Una vulner... • https://kc.mcafee.com/corporate/index?page=content&id=SB10381 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23885 – Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI
https://notcve.org/view.php?id=CVE-2021-23885
17 Feb 2021 — Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. Una vulnerabilidad de escalada de privilegios en McAfee Web Gateway (MWG) versiones anteriores a 9.2.8, permite a un usuario autenticado alcanzar privilegios elevados por medio de la interfaz de usuario y ejecutar comandos en el di... • https://kc.mcafee.com/corporate/index?page=content&id=SB10349 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 92%CPEs: 39EXPL: 95CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
26 Jan 2021 — Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo caráct... • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7297 – Web Gateway (MWG) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2020-7297
15 Sep 2020 — Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. Una vulnerabilidad de Escalada de Privilegios en McAfee Web Gateway (MWG) versiones anteriores a 9.2.1, permite a un usuario de la interfaz de usuario autenticado acceder a los datos protegidos del panel por medio de un control de acceso inapropiado en la interfaz de usuario • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-287: Improper Authentication •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7296 – Web Gateway (MWG) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2020-7296
15 Sep 2020 — Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. Una vulnerabilidad de Escalada de Privilegios en McAfee Web Gateway (MWG) versiones anteriores a 9.2.1, permite a un usuario autenticado de la interfaz de usuario acceder a archivos de configuración protegidos por medio de un control de acceso inapropiado en la interfaz de usuario • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-287: Improper Authentication •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7295 – Web Gateway (MWG) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2020-7295
15 Sep 2020 — Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. Una vulnerabilidad de Escalada de Privilegios en McAfee Web Gateway (MWG) versiones anteriores a 9.2.1, permite a un usuario autenticado de la interfaz de usuario eliminar o descargar datos de registro protegidos por medio de controles de acceso inapropiados en la interfaz de usuario • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-287: Improper Authentication •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7294 – Web Gateway (MWG) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2020-7294
15 Sep 2020 — Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. Una vulnerabilidad de Escalada de Privilegios en McAfee Web Gateway (MWG) versiones anteriores a 9.2.1, permite a un usuario autenticado de la interfaz de usuario eliminar o descargar archivos protegidos por medio de controles de acceso inapropiados en la interfaz REST • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7293 – Web Gateway (MWG) - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2020-7293
15 Sep 2020 — Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. Una vulnerabilidad de Escalada de Privilegios en McAfee Web Gateway (MWG) versiones anteriores a 9.2.1, permite a usuarios de la interfaz de usuario autenticados con permisos bajos cambiar la contraseña root del sistema por medio de controles de acceso inapropiados en la interfaz de... • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-287: Improper Authentication •