CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8149
https://notcve.org/view.php?id=CVE-2015-8149
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests. El servicio LDAP en Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica e interrupción de servicio) a través de peticiones manipuladas. • http://www.securityfocus.com/bid/83270 http://www.securitytracker.com/id/1035063 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6556
https://notcve.org/view.php?id=CVE-2015-6556
EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. EACommunicatorSrv.exe en el Framework Service en el cliente en Symantec Endpoint Encryption (SEE) en versiones anteriores a 11.1.0 permite a usuarios remotos autenticados descubrir credenciales mediante la activación de un volcado de memoria. • http://www.securityfocus.com/bid/78803 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151214_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4334
https://notcve.org/view.php?id=CVE-2015-4334
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. La configuración por defecto de SGOS en Blue Coat ProxySG en versiones anteriores a 6.2.16.5, 6.5 en versiones anteriores a 6.5.7.1 y 6.6 en versiones anteriores a 6.6.2.1 reenvía retos de autenticación desde los servidores de contenido de origen (OCS) de subida cuando se usa en el despliegue de un proxy explícito, lo que hace más fácil para atacantes remotos obtener información sensible a través de un código de estado HTTP 407 (también conocido como Proxy Authentication Required), según lo demostrado cuando se utiliza autenticación NTLM. • http://www.securitytracker.com/id/1032149 https://bto.bluecoat.com/security-advisory/sa93 https://twitter.com/bugch3ck/status/591492380294979585 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6554
https://notcve.org/view.php?id=CVE-2015-6554
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Symantec Endpoint Protection Manager (SEPM) 12.1 anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar comandos OS arbitrarios a través de datos manipulados. • http://www.securityfocus.com/bid/77494 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6555
https://notcve.org/view.php?id=CVE-2015-6555
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a 12.1-RU6-MP3 permite a atacantes remotos ejecutar código Java arbitrario mediante la conexión a la consola del puerto de Java. • http://www.securityfocus.com/bid/77495 http://www.securitytracker.com/id/1034139 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 • CWE-94: Improper Control of Generation of Code ('Code Injection') •