CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18376
https://notcve.org/view.php?id=CVE-2019-18376
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. Una vulnerabilidad de divulgación de token CSRF, permite a un atacante remoto, con acceso al historial del navegador web de un usuario del Management Center (MC) autenticado o a un dispositivo de red, interceptar y registrar el tráfico hacia MC, obtener tokens CSRF y usaros luego para llevar a cabo ataques de tipo CSRF contra MC. • https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1751 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5832
https://notcve.org/view.php?id=CVE-2020-5832
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Data Center Security Manager Component, versiones anteriores a 6.8.2 (también se conoce como versión 6.8 MP2), puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a recursos que normalmente están protegidos de una aplicación o un usuario. • https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750 •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-6277
https://notcve.org/view.php?id=CVE-2012-6277
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." Múltiples vulnerabilidades no especificadas en Autonomy KeyView IDOL versiones anteriores a 10.16, como es usado en Symantec Mail Security para Microsoft Exchange versiones anteriores a 6.5.8, Symantec Mail Security para Domino versiones anteriores a 8.1.1, Symantec Messaging Gateway versiones anteriores a 10.0.1, Symantec Data Loss Prevention (DLP) versiones anteriores a 11.6.1, IBM Notes versiones 8.5.x, IBM Lotus Domino versiones 8.5.x anteriores a 8.5.3 FP4, y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un archivo diseñado, relacionado con "una serie de problemas subyacentes" en los que "algunos de estos casos demostraron corrupción de la memoria con una entrada controlada por el atacante y podrían ser explotados para ejecutar código arbitrario". • https://support.symantec.com/us/en/article.symsa1262.html https://tools.cisco.com/security/center/viewAlert.x?alertId=27482 https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277 https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277 https://www.kb.cert.org/vuls/id/849841 https://www.securityfocus.com/bid/56610 https&# •
CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0CVE-2020-5821
https://notcve.org/view.php?id=CVE-2020-5821
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. Symantec Endpoint Protection (SEP) y Symantec Endpoint Protection Small Business Edition (SEP SBE), versiones anteriores a 14.2 RU2 MP1 y versiones anteriores a 14.2.5569.2100 respectivamente, pueden ser susceptibles a una vulnerabilidad de inyección DLL, que es un tipo de problema por el cual un individuo intenta ejecutar su propio código en lugar de un código legítimo como un medio para llevar a cabo una explotación. • https://support.symantec.com/us/en/article.SYMSA1505.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5830 – Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-5830
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. Symantec Endpoint Protection Manager (SEPM), versiones anteriores a 14.2 RU2 MP1, puede ser susceptible a una vulnerabilidad fuera de límites, que es un tipo de problema que resulta en que una aplicación existente lea la memoria fuera de los límites de la memoria que ha sido asignada al programa. This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the secars.dll module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.symantec.com/us/en/article.SYMSA1505.html • CWE-125: Out-of-bounds Read •