Security Bulletin: IBM MaaS360 Cloud Extender Mobile Enterprise Gateway (MEG) and VPN Module affected by multiple vulnerabilities (CVE-2024-29025, CVE-2024-22262, CVE-2023-6129, CVE-2024-0727, CVE-2024-22201, CVE-2023-6237)

Summary Vulnerabilities contained within OpenSSL a 3rd party component were addressed in the IBM MaaS360 VPN Module. Vulnerabilities contained within Netty, Spring Framework and Eclipse Jetty 3rd party components were addressed in the IBM MaaS360 Mobile Enterprise Gateway MEG Module. Vulnerabilit...

Fedora: Security Advisory for meg (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: meg-0.2.4-7.fc36

Fetch many paths for many hosts without killing the hosts...

Fedora: Security Advisory for meg (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: meg-0.2.4-6.fc35

Fetch many paths for many hosts without killing the hosts...

Fedora: Security Advisory for meg (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: meg-0.2.4-6.fc36

Fetch many paths for many hosts without killing the hosts...

Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities

Summary Vulnerabilities contained within Eclipse Jetty a 3rd party component were identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway MEG. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

CVE-2020-7268

CVE-2020-7268 affects McAfee Email Gateway (MEG) prior to version 7.6.406, where a path traversal vulnerability allows remote attackers to construct input that accesses files/directories outside the restricted directory. The issue stems from how external input is used to form file paths in the ME...

meg-andrews.com XSS vulnerability

Open Bug Bounty ID: OBB-706818 Description| Value ---|--- Affected Website:| meg-andrews.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...

CVE-2016-8005

CVE-2016-8005 is a file-extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) prior to 7.6.404h1128596. An attacker can bypass proper filename detection by forging a filename with a null byte in the extension, as described in NVD and relatedOpenVAS entries. Affected produ...

CVE-2016-3969

McAfee Email Gateway (MEG) 7.6.x prior to 7.6.404 is affected by a cross-site scripting (XSS) vulnerability when File Filtering is enabled and the action is ESERVICES:REPLACE. An unauthenticated, remote attacker can exploit this by sending an attachment in a blocked email to trigger script execut...

CVE-2015-1619

CVE-2015-1619 affects McAfee Email Gateway (MEG) Secure Web Mail Client UI. Multiple sources describe an XSS vulnerability in the UI that permits remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Affected versions include MEG 7.6.x before...

CVE-2013-6349

The MEG vulnerability CVE-2013-6349 affects McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1. It allows remote authenticated users to execute arbitrary commands via unspecified vectors. The Connected documents corroborate the affected versions and the impact, but do not supply a r...

CVE-2012-4595

McAfee Email and Web Security EWS 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway MEG 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors...

CVE-2012-4585

CVE-2012-4585 affects McAfee Email and Web Security (EWS) 5.x prior to 5.5 Patch 6 and 5.6 prior to Patch 3, and McAfee Email Gateway (MEG) 7.0 prior to Patch 1. The vulnerability allows remote authenticated users to read arbitrary files via a crafted URL. The available documents do not provide e...

CVE-2012-4581

The vulnerability CVE-2012-4581 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The root cause is that the server-side session token is not invalidated when the Management Console/Dashboard is closed, en...

CVE-2012-4597

The CVE-2012-4597 entry describes a cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 (through Patch 6) and 5.6 (through Patch 3), and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1. The issue enables remote attackers to inject arbitrary web script or HTML via vector...

CVE-2012-4582

McAfee EWS 5.x (before 5.5 Patch 6) and 5.6 (before Patch 3), and McAfee MEG 7.0 (before Patch 1) are affected by CVE-2012-4582. The vulnerability allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. The impact is administrative cr...

CVE-2012-4580

The CVE-2012-4580 issue affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. It is a cross-site scripting (XSS) vulnerability that allows a remote attacker to inject arbitrary web script or HTML via vectors r...