The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of McAfee Web Gateway

vulnerability announce CVE-2018-16864 CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.

Description of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-9169

glibc: out-of-bounds memory reading via proceed_next_node

Synthesis of the vulnerability

An attacker can force a read at an invalid address via proceed_next_node() of glibc, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS, McAfee Web Gateway, SIMATIC, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/04/2019.
Identifiers: CVE-2019-9169, K54823184, SB10278, SSB-439005, SUSE-SU-2019:1102-1, SUSE-SU-2019:14084-1, VIGILANCE-VUL-28995.

Description of the vulnerability

An attacker can force a read at an invalid address via proceed_next_node() of glibc, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Debian, AIX, IBM i, Rational ClearCase, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Solaris, Percona Server, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2019-6454

systemd: buffer overflow via D-Bus Message

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via D-Bus Message of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: document.
Creation date: 19/02/2019.
Identifiers: CVE-2019-6454, DLA-1684-1, DSA-4393-1, openSUSE-SU-2019:0255-1, openSUSE-SU-2019:0268-1, openSUSE-SU-2019:1450-1, RHSA-2019:0368-01, RHSA-2019:1322-01, RHSA-2019:1502-01, SB10278, SUSE-SU-2019:0424-1, SUSE-SU-2019:0425-1, SUSE-SU-2019:0426-1, SUSE-SU-2019:0428-1, SUSE-SU-2019:1265-1, SUSE-SU-2019:1364-1, USN-3891-1, VIGILANCE-VUL-28537.

Description of the vulnerability

An attacker can trigger a buffer overflow via D-Bus Message of systemd, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-5742

RHEL 7: assertion error via Bind Debug Log Level

Synthesis of the vulnerability

An attacker can force an assertion error via Bind Debug Log Level of RHEL 7, in order to trigger a denial of service.
Impacted products: McAfee Web Gateway, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/01/2019.
Identifiers: CVE-2018-5742, RHBUG-1655844, RHSA-2019:0194-01, SB10278, VIGILANCE-VUL-28403.

Description of the vulnerability

An attacker can force an assertion error via Bind Debug Log Level of RHEL 7, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-3581

McAfee Web Gateway: denial of service via Proxy Component

Synthesis of the vulnerability

An attacker can trigger a fatal error via Proxy Component of McAfee Web Gateway, in order to trigger a denial of service.
Impacted products: McAfee Web Gateway.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 09/01/2019.
Identifiers: CVE-2019-3581, SB10264, VIGILANCE-VUL-28194.

Description of the vulnerability

An attacker can trigger a fatal error via Proxy Component of McAfee Web Gateway, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-18311

Perl Core: integer overflow via Perl_my_setenv

Synthesis of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, Fedora, Kubernetes, McAfee Web Gateway, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133204, bulletinjan2019, CVE-2018-18311, DLA-1601-1, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, RHSA-2019:0109-01, SB10276, SB10278, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27916.

Description of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-16395

Ruby: information disclosure via OpenSSL-X509-Name Equality

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via OpenSSL::X509::Name Equality of Ruby, in order to obtain sensitive information.
Impacted products: Debian, Avamar, Fedora, McAfee Web Gateway, Solaris, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 29/10/2018.
Identifiers: 534935, bulletinjan2019, CVE-2018-16395, DLA-1558-1, DSA-2019-103, DSA-4332-1, FEDORA-2018-319b9d0f68, RHSA-2018:3729-01, RHSA-2018:3730-01, RHSA-2018:3731-01, RHSA-2018:3738-01, SB10267, SUSE-SU-2019:1804-1, USN-3808-1, VIGILANCE-VUL-27628.

Description of the vulnerability

An attacker can bypass access restrictions to data via OpenSSL::X509::Name Equality of Ruby, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Impacted products: Tomcat, Debian, Fedora, QRadar SIEM, ePO, McAfee Web Gateway, Snap Creator Framework, SnapManager, openSUSE Leap, Oracle Communications, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, cpuapr2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, RHSA-2019:1529-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

Description of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-10844 CVE-2018-10845 CVE-2018-10846

GnuTLS: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of GnuTLS.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 24/09/2018.
Identifiers: CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, DLA-1560-1, openSUSE-SU-2018:2854-1, openSUSE-SU-2018:2958-1, RHSA-2018:3050-01, SB10267, SUSE-SU-2018:2825-1, SUSE-SU-2018:2842-1, SUSE-SU-2018:2930-1, USN-3999-1, VIGILANCE-VUL-27305.

Description of the vulnerability

An attacker can use several vulnerabilities of GnuTLS.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about McAfee Web Gateway: