threat
engine
.sh
Back
·
··:··
Home
/
Product
/
mcafee web gateway
Product
mcafee web gateway
76 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-1254
>= 7.0.0 and < 7.8.2.31
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, an
6.1
MEDIUM
CVE-2021-3450
all versions
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4
HIGH
CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9
MEDIUM
CVE-2021-23885
< 8.2.17
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privil
9.0
CRITICAL
CVE-2021-3156
all versions
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalatio
7.8
HIGH
CVE-2020-7297
>= 7.8.0 and < 7.8.2.22
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access p
5.7
MEDIUM
CVE-2020-7296
>= 7.8.0 and < 7.8.2.23
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access p
5.7
MEDIUM
CVE-2020-7295
>= 7.8.0 and < 7.8.2.23
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete o
3.5
LOW
CVE-2020-7294
>= 7.8.0 and < 7.8.2.23
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete o
4.6
MEDIUM
CVE-2020-7293
>= 7.8.0 and < 7.8.2.23
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low pe
9.0
CRITICAL
CVE-2020-7292
>= 7.8.0 and < 7.8.2.22
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cau
4.3
MEDIUM
CVE-2019-3638
>= 7.8.2 and < 7.8.2.13
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 all
8.1
HIGH
CVE-2019-3644
>= 7.7.2.0 and < 7.7.2.24
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to
7.5
HIGH
CVE-2019-3643
>= 7.7.2.0 and < 7.7.2.24
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to
5.3
MEDIUM
CVE-2019-3639
>= 7.8.2.0 and < 7.8.2.12
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers
7.1
HIGH
CVE-2019-3635
>= 7.8.2.0 and < 7.8.2.12
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting
6.5
MEDIUM
CVE-2019-9518
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker se
7.5
HIGH
CVE-2019-9517
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Th
7.5
HIGH
CVE-2019-9516
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stre
6.5
MEDIUM
CVE-2019-9515
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a s
7.5
HIGH
CVE-2019-9514
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb
7.5
HIGH
CVE-2019-9513
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates mul
7.5
HIGH
CVE-2019-9511
>= 7.7.2.0 and < 7.7.2.24
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading
7.5
HIGH
CVE-2019-6454
< 7.7.2.21
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-len
5.5
MEDIUM
CVE-2019-1559
>= 7.0.0 and < 9.0.0
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9
MEDIUM
CVE-2019-9169
>= 7.7.2.0 and < 7.7.2.21
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via
9.8
CRITICAL
CVE-2018-18311
>= 7.7.2 and < 7.7.2.21
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8
CRITICAL
CVE-2017-1000366
<= 7.6.2.14
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to
7.8
HIGH
CVE-2016-5310
all versions
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec E
5.5
MEDIUM
CVE-2016-5309
all versions
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec E
5.5
MEDIUM
CVE-2016-5313
<= 5.2.2
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
8.8
HIGH
CVE-2016-4448
<= 7.5.2.10
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in un
9.8
CRITICAL
CVE-2016-4447
>= 7.5.0.0 and <= 7.5.2.10
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of servi
7.5
HIGH
CVE-2016-1840
>= 7.5.0.0 and <= 7.5.2.10
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X
7.8
HIGH
CVE-2016-1839
>= 7.5.0.0 and <= 7.5.2.10
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1,
5.5
MEDIUM
CVE-2016-1838
>= 7.5.0.0 and <= 7.5.2.10
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tv
5.5
MEDIUM
CVE-2016-1837
>= 7.5.0.0 and <= 7.5.2.10
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before
5.5
MEDIUM
CVE-2016-1836
>= 7.5.0.0 and <= 7.5.2.10
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS
5.5
MEDIUM
CVE-2016-1834
>= 7.5.0.0 and <= 7.5.2.10
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.1
7.8
HIGH
CVE-2016-1833
>= 7.5.0.0 and <= 7.5.2.10
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, a
5.5
MEDIUM
CVE-2016-1762
<= 7.5.2.10
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read
8.1
HIGH
CVE-2015-6548
<= 5.2.2
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with sof
CVE-2015-6547
<= 5.2.2
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticat
CVE-2015-5693
<= 5.2.2
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticat
CVE-2015-5692
<= 5.2.2
admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 all
CVE-2015-5691
<= 5.2.2
Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) applian
CVE-2015-5690
<= 5.2.2
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticat
CVE-2014-7285
<= 5.2.1
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbit
CVE-2014-6064
>= 7.3.0 and < 7.3.2.9
The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows rem
CVE-2014-1652
<= 5.1.1
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remot
CVE-2014-1651
<= 5.1.1
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote a
CVE-2014-1650
<= 5.2
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authent
CVE-2013-5017
<= 5.2
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary c
9.8
CRITICAL
CVE-2014-2535
>= 7.2.0 and <= 7.2.0.9
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier al
CVE-2013-5013
<= 5.1.1
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5
CVE-2013-5012
<= 5.1.1
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remo
CVE-2013-4673
<= 5.1
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication,
CVE-2013-4672
<= 5.1
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local
CVE-2013-4671
<= 5.1
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1
CVE-2013-4670
<= 5.1
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5
CVE-2013-1617
<= 5.1
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow re
CVE-2013-1616
<= 5.1
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary comma
CVE-2012-4178
all versions
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to e
CVE-2012-2977
all versions
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via cra
CVE-2012-2976
all versions
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands v
CVE-2012-2961
all versions
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to exe
CVE-2012-2957
all versions
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, rel
CVE-2012-2953
all versions
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via cra
CVE-2012-2574
all versions
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to exe
CVE-2012-0299
all versions
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbi
CVE-2012-0298
all versions
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or
CVE-2012-0297
all versions
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allo
CVE-2012-0296
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote
CVE-2012-2212
all versions
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary
CVE-2011-0549
all versions
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute a
CVE-2010-0115
all versions
SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin