CVE-2016-5313 – Symantec Web Gateway 5.2.2 OS Command Injection
https://notcve.org/view.php?id=CVE-2016-5313
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.
• http://packetstormsecurity.com/files/139006/Symantec-Web-Gateway-5.2.2-OS-Command-Injection.html
• http://seclists.org/fulldisclosure/2016/Oct/24
• http://www.securityfocus.com/bid/93284
• http://www.securitytracker.com/id/1036973
• https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161005_00
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-5312 – Symantec Messaging Gateway 10.6.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-5312
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability.
• https://www.exploit-db.com/exploits/40437
• http://packetstormsecurity.com/files/138891/Symantec-Messaging-Gateway-10.6.1-Directory-Traversal.html
• http://seclists.org/fulldisclosure/2016/Sep/71
• http://www.securityfocus.com/bid/93148
• http://www.securitytracker.com/id/1036908
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160927_00
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-2206
https://notcve.org/view.php?id=CVE-2016-2206
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
• http://www.securityfocus.com/bid/89394
• http://www.securitytracker.com/id/1036262
• http://www.securitytracker.com/id/1036263
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-5308
https://notcve.org/view.php?id=CVE-2016-5308
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.
• http://www.securityfocus.com/bid/91608
• http://www.securitytracker.com/id/1036264
• http://www.securitytracker.com/id/1036265
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2205
https://notcve.org/view.php?id=CVE-2016-2205
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
• http://www.securityfocus.com/bid/89395
• http://www.securitytracker.com/id/1036262
• http://www.securitytracker.com/id/1036263
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')