The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of McAfee Web Gateway

computer vulnerability alert CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

Impacted products: Tomcat, Debian, ePO, McAfee Web Gateway, Snap Creator Framework, SnapManager, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, CVE-2018-11784, DLA-1544-1, DLA-1545-1, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

Description of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2018-12327

NTP.org: buffer overflow via Command Line openhost

Synthesis of the vulnerability

Impacted products: Fedora, AIX, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE Leap, RHEL, Slackware, Spectracom SecureSync, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2018.
Identifiers: CVE-2018-12327, FEDORA-2018-7051d682fa, FEDORA-2018-e585e25b72, openSUSE-SU-2018:3438-1, openSUSE-SU-2018:3452-1, RHSA-2018:3853-01, RHSA-2018:3854-01, SB10264, SSA:2018-229-01, SUSE-SU-2018:3342-1, SUSE-SU-2018:3351-1, SUSE-SU-2018:3352-1, SUSE-SU-2018:3356-1, SUSE-SU-2018:3386-1, VIGILANCE-VUL-27033.

Description of the vulnerability

An attacker can generate a buffer overflow via Command Line openhost() of NTP.org, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2018-6677 CVE-2018-6678

McAfee Web Gateway: two vulnerabilities

Synthesis of the vulnerability

Impacted products: McAfee Web Gateway.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/07/2018.
Identifiers: CVE-2018-6677, CVE-2018-6678, SB10245, VIGILANCE-VUL-26786.

Description of the vulnerability

An attacker can use several vulnerabilities of McAfee Web Gateway.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2018-13785

libpng: integer overflow via png_check_chunk_length

Synthesis of the vulnerability

Impacted products: Fedora, AIX, IBM i, libpng, McAfee Web Gateway, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/07/2018.
Identifiers: cpuoct2018, CVE-2018-13785, FEDORA-2018-04eded822e, FEDORA-2018-3e04e9fe54, ibm10743955, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:0043-1, RHSA-2018:3000-01, RHSA-2018:3001-01, RHSA-2018:3002-01, RHSA-2018:3003-01, RHSA-2018:3007-01, RHSA-2018:3008-01, RHSA-2018:3533-01, RHSA-2018:3534-01, RHSA-2018:3671-01, RHSA-2018:3672-01, SB10255, SUSE-SU-2018:3868-1, SUSE-SU-2018:3920-1, SUSE-SU-2018:3921-1, SUSE-SU-2018:3933-1, SUSE-SU-2018:4064-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0057-1, SUSE-SU-2019:0058-1, USN-3712-1, USN-3712-2, VIGILANCE-VUL-26692.

Description of the vulnerability

An attacker can generate an integer overflow via png_check_chunk_length() of libpng, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2017-12941

UnRAR: out-of-bounds memory reading via Unpack-Unpack20

Synthesis of the vulnerability

Impacted products: McAfee Web Gateway, Windows (platform) ~ not comprehensive, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/06/2018.
Identifiers: CVE-2017-12941, SB10241, VIGILANCE-VUL-26408.

Description of the vulnerability

An attacker can force a read at an invalid address via Unpack::Unpack20() of UnRAR, in order to trigger a denial of service, or to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2017-12940

UnRAR: out-of-bounds memory reading via EncodeFileName-Decode

Synthesis of the vulnerability

Impacted products: McAfee Web Gateway, Windows (platform) ~ not comprehensive, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/06/2018.
Identifiers: CVE-2017-12940, SB10241, VIGILANCE-VUL-26407.

Description of the vulnerability

An attacker can force a read at an invalid address via EncodeFileName::Decode() of UnRAR, in order to trigger a denial of service, or to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2018-1122 CVE-2018-1123 CVE-2018-1124

procps: multiple vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, Fedora, Junos Space, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 23/05/2018.
Identifiers: CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126, DLA-1390-1, DSA-4208-1, FEDORA-2018-bba8fed5ab, FEDORA-2018-de5de06754, JSA10917, openSUSE-SU-2018:1848-1, RHSA-2018:1700-01, RHSA-2018:1777-01, RHSA-2018:2267-01, RHSA-2018:2268-01, SB10241, SSA:2018-142-03, SUSE-SU-2018:1836-1, SUSE-SU-2018:2042-1, SUSE-SU-2018:2451-2, Synology-SA-18:51, USN-3658-1, USN-3658-2, USN-3658-3, VIGILANCE-VUL-26197.

Description of the vulnerability

An attacker can use several vulnerabilities of procps.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2018-5733

ISC DHCP: integer overflow via dhcpd

Synthesis of the vulnerability

Impacted products: Debian, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5733, DLA-1313-1, DSA-4133-1, FEDORA-2018-5051dbd15e, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25402.

Description of the vulnerability

An attacker can generate an integer overflow via dhcpd of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2018-5732

ISC DHCP: buffer overflow via dhclient

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WindRiver Linux.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Confidence: confirmed by the editor (5/5).
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5732, DLA-1313-1, DSA-4133-1, FEDORA-2018-5051dbd15e, K08306700, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, Synology-SA-18:14, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25401.

Description of the vulnerability

An attacker can generate a buffer overflow via dhclient of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2018-7170 CVE-2018-7182 CVE-2018-7183

NTP.org: five vulnerabilities

Synthesis of the vulnerability

Impacted products: Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE Leap, Solaris, SafeNet Network HSM, Slackware, Spectracom SecureSync, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 28/02/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-545, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, FEDORA-2018-7051d682fa, FEDORA-2018-70c191d84a, FEDORA-2018-de113aeac6, FreeBSD-SA-18:02.ntp, JSA10898, K04912972, K13540723, K82570157, KB0018260, openSUSE-SU-2018:0970-1, openSUSE-SU-2018:3438-1, openSUSE-SU-2018:3452-1, SA165, SB10231, SB10264, SSA:2018-060-02, SUSE-SU-2018:1464-1, SUSE-SU-2018:1765-1, SUSE-SU-2018:3342-1, SUSE-SU-2018:3351-1, SUSE-SU-2018:3352-1, SUSE-SU-2018:3356-1, SUSE-SU-2018:3386-1, Synology-SA-18:13, Synology-SA-18:14, USN-3707-1, VIGILANCE-VUL-25397.

Description of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about McAfee Web Gateway: