CVE-2014-3436
https://notcve.org/view.php?id=CVE-2014-3436
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
• http://www.securityfocus.com/bid/69259
• http://www.securitytracker.com/id/1030761
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95406
• CWE-310: Cryptographic Issues
CVE-2014-3434 – Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-3434
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.
• https://www.exploit-db.com/exploits/34272
• http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html
• http://secunia.com/advisories/58996
• http://secunia.com/advisories/59697
• http://www.exploit-db.com/exploits/34272
• http://www.kb.cert.org/vuls/id/252068
• http://www.osvdb.org/109663
• http://www.securityfocus.com/bid/68946
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&a
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3433
https://notcve.org/view.php?id=CVE-2014-3433
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.
• http://www.securityfocus.com/bid/68161
• http://www.securitytracker.com/id/1030472
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3432
https://notcve.org/view.php?id=CVE-2014-3432
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
• http://secunia.com/advisories/59538
• http://secunia.com/advisories/59561
• http://www.securityfocus.com/bid/68160
• http://www.securitytracker.com/id/1030472
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3431
https://notcve.org/view.php?id=CVE-2014-3431
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
• http://secunia.com/advisories/59421
• http://www.securityfocus.com/bid/68077
• http://www.securitytracker.com/id/1030454
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
• CWE-264: Permissions, Privileges, and Access Controls