CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8156
https://notcve.org/view.php?id=CVE-2015-8156
Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. Vulnerabilidad de ruta de búsqueda sin entrecomillar en Windows en EEDService en Symantec Endpoint Encryption (SEE) 11.x en versiones anteriores a 11.1.1 permite a usuarios locales obtener privilegios a través de un archivo ejecutable Troyano en el directorio %SYSTEMDRIVE%, según lo demostrado por program.exe. • http://www.securityfocus.com/bid/90050 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160506_00 •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2204
https://notcve.org/view.php?id=CVE-2016-2204
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. La consola de gestión en dispositivos Symantec Messaging Gateway (SMG) Appliance en versiones anteriores a 10.6.1 permite a usuarios locales obtener acceso root-shell a través de la entrada en ventana de terminal manipulada. • http://www.securityfocus.com/bid/86138 http://www.securitytracker.com/id/1035609 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2016-2203 – Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure
https://notcve.org/view.php?id=CVE-2016-2203
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. La consola de gestión en dispositivos Symantec Messaging Gateway (SMG) Appliance en versiones anteriores a 10.6.1 permite a usuarios locales descubrir una contraseña AD cifrada aprovechando determinados privilegios de lectura. Symantec Brightmail versions 10.6.0-7 and below save the AD password in a place where it can be retrieved. • https://www.exploit-db.com/exploits/39715 http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html http://www.securityfocus.com/bid/86137 http://www.securitytracker.com/id/1035609 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00 https://www.broadcom.com/support/security-center/securityupdates/detail?fid=security_advisory&pvid=security_advisory&suid=20160418_00&year= • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2202
https://notcve.org/view.php?id=CVE-2016-2202
The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. El componente Inventory Solution en Management Agent en el cliente en Symantec Altiris IT Management Suite (ITMS) hasta la versión 7.6 HF7 permite a usuarios locales eludir las restricciones destinadas a la lista negra de aplicaciones a través de vectores no especificados. • http://www.securityfocus.com/bid/85778 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160407_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8152
https://notcve.org/view.php?id=CVE-2015-8152
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. Vulnerabilidad de CSRF en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6-MP4 permite a usuarios remotos autenticados secuestrar la autenticación de administradores en peticiones que ejecutan código arbitrario añadiendo líneas a una secuencia de comandos de registro. • http://www.securityfocus.com/bid/84343 http://www.securitytracker.com/id/1035329 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00 • CWE-352: Cross-Site Request Forgery (CSRF) •