CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5829 – Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-5829
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. Symantec Endpoint Protection Manager (SEPM), versiones anteriores a 14.2 RU2 MP1, puede ser susceptible a una vulnerabilidad fuera de límites, que es un tipo de problema que resulta en que una aplicación existente lea la memoria fuera de los límites de la memoria que ha sido asignada al programa. This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the secars.dll module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.symantec.com/us/en/article.SYMSA1505.html • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5828 – Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-5828
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. Symantec Endpoint Protection Manager (SEPM), versiones anteriores a 14.2 RU2 MP1, puede ser susceptible a una vulnerabilidad fuera de límites, que es un tipo de problema que resulta en que una aplicación existente lea la memoria fuera de los límites de la memoria que ha sido asignada al programa. This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the secars.dll module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.symantec.com/us/en/article.SYMSA1505.html • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5831 – Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-5831
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. Symantec Endpoint Protection Manager (SEPM), versiones anteriores a 14.2 RU2 MP1, puede ser susceptible a una vulnerabilidad fuera de límites, que es un tipo de problema que resulta en que una aplicación existente lea la memoria fuera de los límites de la memoria que ha sido asignada al programa. This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the secars.dll module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.symantec.com/us/en/article.SYMSA1505.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18368
https://notcve.org/view.php?id=CVE-2018-18368
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection Manager (SEPM), versiones anteriores a la versión 14.2 RU1, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a recursos que normalmente están protegidos de una aplicación o un usuario. • https://support.symantec.com/us/en/article.SYMSA1488.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-12759 – Symantec Endpoint Protection Manager LuComServer stDisScriptEngine Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-12759
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection Manager (SEPM) y Symantec Mail Security for MS Exchange (SMSMSE), versiones anteriores a las versiones 14.2 RU2 y 7.5.x respectivamente, pueden ser susceptibles a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a recursos que normalmente están protegidos de una aplicación o un usuario. This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the stDisScriptEngine class within LuComServer. By invoking a method of this class, an attacker can launch an arbitrary executable. • https://support.symantec.com/us/en/article.SYMSA1488.html •